UCLA Health Network Says It Was a Victim of Criminal Cyberattack

Wednesday, July 22, 2015
By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

UCLA Health claims it was a victim of a data breach that may affect as many as 4.5 million people.

What Did the Attackers Retrieve?

Hackers accessed parts of the UCLA Health network, which contain personal and medical information. This included customers’ and patients’ names, addresses, social security numbers, health insurance IDs and diagnosis and treatment records.

There is no indication any information was stolen, the hospital system said, but added that it couldn’t rule it out.

UCLA Health is Taking Action.

Since October 2014, UCLA Health has been investigating suspicious activity on its network. However, the intrusion wasn’t confirmed until May 2015.

It’s not known who carried out the attack, but investigators believe it was a foreign group. UCLA says it is working with the FBI and private experts to protect the information on its servers. The investigation is ongoing.

The hospital system released a statement, providing tips and answering frequently asked questions, on its website. To read it, click here.

UCLA Health said it would send letters to affected patients. UCLA said it will also offer 12 months of identity-theft protection services to all of the potential victims.


Have you ever been a victim of a data breach? Do you think UCLA Health is handling this issue properly? Please leave any thoughtful comments below.

Contact an Experienced Health Care Attorney.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigations and defending alleged HIPAA and FIPA complaints and violations and in advising on data breaches.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.


Calamur, Krishnadev. “UCLA Health Says 4.5M May Be Affected in Data Beach.” (July 17, 2015). NPR. From: http://www.npr.org/sections/thetwo-way/2015/07/17/423893626/ucla-health-says-4-5m-may-be-affected-in-data-breach

Shively, Nick. “UCLA hack Q&A: What you need to know.” (July 17, 2015). From: http://www.latimes.com/business/la-fi-ucla-hack-20150717-story.html

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law.  He is the President and Managing Partner of The Health Law Firm, which has a national practice.  Its main office is in the Orlando, Florida area.  www.TheHealthLawFirm.com  The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

KeyWords: data breach, breach in privacy, health law, health care attorney, health law attorney, UCLA Health, health care lawyer, data breach attorney, health care investigation, Florida attorney, HIPAA lawyer, data breach, attorney, medical records, breach of medical privacy, health care law, hospitals, HIPAA, HIPAA laws, breach of confidentiality counsel, physicians, physician attorney, health care defense attorney, health care defense lawyer, The Health Law Firm reviews

"The Health Law Firm" is a registered fictitious business name of George F. Indest III, P.A. - The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2015 The Health Law firm. All rights reserved.

Like this blog? Add your public comments:

Items in bold indicate required information.