UCLA Health Suffers Possible Medical Breach

Healthcare is Big Business for Cyber Criminals

The healthcare industry is a prime target for attackers because healthcare data is a treasure trove to cybercriminals. By targeting a hospital’s records rather than just a credit card number or financial data, an attacker can easily gather additional personal information from these sources, especially if their goal is identity theft. As a result, medical records are much more valuable to attackers than single credit card numbers. While a credit card can be canceled or changed, a person’s Social Security number, health history and other things cannot. This data retains its value to attackers over time, and can be used in multiple types of fraud.

 

Recently, UCLA Health announced that it was the victim of a criminal cyber attack, potentially affecting as many as 4.5 million patients. The health provider detected suspicious activity in its network in October of 2014, and began investigating the suspicious activity, partnering with the FBI.

While it does not look like any credit card or other financial information was accessed, it appears that the cyber criminals may have gained access to a database containing sensitive patient information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, and health plan information. It is important to note that at this time, UCLA Health has no evidence that the criminals actually accessed or acquired any of the individuals’ personal or medical information data, based on a statement issued July 17, 2015. The event is currently under investigation, and UCLA will notify the patients that may have been compromised, and will provide one year of free credit monitoring.

 

According to Symantec’s 2015 Internet Security Threat Report:

For the fourth year in a row, the healthcare sector reported the largest number of data breaches. There were 116 breaches for the healthcare industry, which accounted for more than a third of all breaches (37 percent).   

 

Data breaches that are the result of hacking were up 82 percent in 2014, and it’s no surprise these numbers are rising every year. There is a thriving underground economy for medical data, which can be used for a multitude of fraudulent activities, fetching a high price on the black market.

 

How Can I Stay Safe?

If you suspect that you could possibly be affected by this data breach, you can start to protect yourself proactively. Here are some things you can do:

  • Be on the lookout for any notifications in the mail from UCLA Health. The organization stated that it will be mailing letters to the affected patients over the next few weeks. These letters will contain details on how to access their identity theft and restoration services that they will be providing.
  • Keep a close eye on your credit report. You can even put a freeze on your credit report with the major reporting bureaus, which will not allow any new accounts to be opened in your name.