Dive Brief:
- UCLA Health System on Friday announced that it has been the victim of a criminal cyberattack that has comprised the data of up to 4.5 million people.
- Hackers accessed a database containing personal and medical information; however, according to the hospital there is no evidence that any data was taken.
- The hospital says it saw unusual activity in one of its computer servers in October, confirmed in May to have been hacker access. The affected information was not encrypted.
Dive Insight:
Cue the use of the word "sophisticated" to describe a cyberattack: "They are a highly sophisticated group likely to be offshore," Dr. James Atkinson, interim associate vice chancellor and president, said. "We really don't know. It's an ongoing investigation." UCLA will likely face some blowback for its lack of encryption, a criticism that plagued Anthem following its high-profile breach earlier this year.
A recent survey by the Healthcare Information and Management Systems Society (HIMSS) of 297 health IT execs showed that two-thirds had a "significant" data security breach this past year, yet few have the resources to handle the risk. Forty-two percent of responders believed there are "too many emerging and new threats to track," according to a HIMSS statement.