Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations
Our spring member drive has ended, but it's not too late to give. You have the power to help fund the essential journalism that keeps us all informed. Help us close the gap on our spring fundraising goal! GIVE NOW

UCLA Health Says 4.5M May Be Affected In Data Breach

UCLA Health says it was a victim of a criminal cyberattack that affected as many as 4.5 million people.

UCLA Health, in a statement Friday, said attackers accessed parts of the computer network that contain personal and medical information, but there is no evidence they "actually accessed or acquired any individual's personal or medical information." The statement said UCLA Health is working with the FBI and has hired private computer forensic experts to help in the investigation.

"We take this attack on our systems extremely seriously," Dr. James Atkinson, the interim associate vice chancellor and president of the UCLA Hospital System, said in the statement. "Our patients come first at UCLA Health and confidentiality is a critical part of our commitment to care."

Here's more from the statement:

"UCLA Health detected suspicious activity in its network in October 2014, and began an investigation with assistance from the FBI. At that time, it did not appear that the attackers had gained access to the parts of the network that contain personal and medical information. As part of that ongoing investigation, on May 5, 2015, UCLA Health determined that the attackers had accessed parts of the UCLA Health network that contain personal information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information. Based on the continuing investigation, it appears that the attackers may have had access to these parts of the network as early as September 2014. We continue to investigate this matter."

The Los Angeles Times reports the information the hackers accessed was not encrypted. The newspaper adds:

"The failure to take that additional precaution has generated criticism in other high-profile cyberattacks. In February, health insurance giant Anthem Inc. said it had suffered a massive data breach exposing the personal information of about 80 million people."

Copyright 2021 NPR. To see more, visit https://www.npr.org.

Krishnadev Calamur is NPR's deputy Washington editor. In this role, he helps oversee planning of the Washington desk's news coverage. He also edits NPR's Supreme Court coverage. Previously, Calamur was an editor and staff writer at The Atlantic. This is his second stint at NPR, having previously worked on NPR's website from 2008-15. Calamur received an M.A. in journalism from the University of Missouri.