Health records are a prime target for identity thieves seeking to steal volumes of personal information. Health care providers must act to ensure that their patient records are kept safe to protect against widespread identity theft.
The University of California, Los Angeles (UCLA) Health System announced on July 17 that it has been hit with a data breach that may have affected as many as 4.5 million patients, according to a report by the Los Angeles Times. As early as October, Dr. James Atkinson, interim president of the UCLA Hospital System, said that unusual activity had been detected on one of its computer servers. Though UCLA worked with the FBI to determine the cause, they were not able to determine that this was a data breach until May 5.
Atkinson added that the parts of the network that were compromised contained names, dates of birth, Social Security Numbers, Medicare and health insurance identification numbers, and patient diagnoses. Some of this information dates back to 1990. However, so far UCLA does not believe that any financial information was compromised.
“They are a highly sophisticated group [of hackers] likely to be offshore,” Atkinson said. “We really don’t know. It’s an ongoing investigation.”
The Los Angeles Times noted that UCLA had not taken all of the necessary steps to secure its patient data. Experts claim that a lack of proper encryption allowed thieves to succeed.
“These breaches will keep happening because the healthcare industry has built so many systems with thousands of weak links,” Dr. Deborah Peel, founder of Patient Privacy Rights in Austin, Texas, told the news source.
UCLA, meanwhile, alleges that it was spending millions of dollars on a major system upgrade that would have reduced the risk of an attack, had it been ready in time. UCLA leaders say that, in light of the breach, they will be notifying each affected patient, and are committed to continuing to strengthen their defenses against future cyber attacks.
Even though it does not appear that any financial data was compromised, identity thieves can still use personal medical data to great effect. The Federal Trade Commission warns that thieves can use stolen medical insurance information for serious fraud. People must be wary of any bill for a medical service that they did not receive, as this could be the result of a data breach at their hospital.
In addition, the Social Security Numbers stolen during this particular breach could be used to set up financial accounts and rack up debts under the names of victims. If not caught quickly, the consequences could be severe. That’s why it’s important for everyone to be proactive about the safety of their financial data.
Consider signing up for a credit monitoring services, which can alert you in the event that certain activity possibly indicative of fraud appears on your credit files. With this information, you can immediately put a freeze on your credit reports and notify agencies that your data has been compromised. You’ll get a head start on putting a stop to the theft and rebuilding your financial life.