• Cullen and Dykman LLP Blogs

  • Archives

  • Another Day, Another Data Breach – Could You Be Next?

    The University of California, Los Angeles (“UCLA”) Health has been the latest victim of a cyber-attack at a time when cybercriminals are targeting just about everyone. Recently, hackers broke into UCLA Health System’s computer network and may have accessed sensitive information that could affect up to 4.5 million patients.

    UCLA is unsure of what, if any, information was compromised during the attack. Dr. James Atkinson, interim president of the UCLA Hospital System, said that the hospital detected unusual activity on one of its computer servers in October 2014 and began investigating with help from the FBI. In May 2015, investigators determined that the hackers had gained access to parts of the UCLA Health’s computer network where some patient information was stored, including dates of birth, Social Security numbers, Medicare and health plan identification numbers and even some medical information such as diagnoses and procedures.

    This cyber-attack comes in the wake of major breaches to companies such as Target, Anthem Inc. (a health insurance giant) and even federal employee records. As a result of these major attacks, many cybersecurity experts are commenting that UCLA allegedly did not take the basic step of encrypting its patient data. In response Atkinson stated, “no institution in today’s environment of constant cyberthreats and attacks is immune from this risk…. We also realize that, at UCLA and throughout the UC System, we need to learn from this event and further strengthen our defenses.”

    Upon learning of the breach, the hospital began notifying those who may be affected. Additionally, it is offering one year of identity theft recovery services to affected individuals as well as one year of free credit monitoring for those whose Social Security number or Medicare ID number has been compromised.

    Interestingly, this is not UCLA’s first time dealing with cybersecurity issues. In 2008 it was at the center of a scandal involving employees who accessed and sold the medical records of Britney Spears, Farrah Fawcett and Maria Schriver, among others. After one of its employees was convicted of selling celebrity information to the National Enquirer, UCLA paid $865,500 as part of a settlement with federal regulators.

    Institutions are encouraged to review its cybersecurity policies and ensure that they are covered and prepared to handle threats to their systems. They should also take as many precautions as possible to prevent data breaches, such as encrypting data. Data breaches are becoming more and more common and any steps that can be taken to prevent it should be exercised.

    If you or your institution has any questions or concerns regarding cybersecurity related issues, please email Cynthia A. Augello at caugello@cullenanddykman.com or call her at (516) 357-3753.

    A special thank you to Lauren Dwarika, a law clerk at Cullen and Dykman LLP, for her assistance with this blog post.