Late last week, UCLA Health – the Californian university’s hospital – announced it had suffered a cyber attack on its network, potentially exposing the personal and medical information of nearly 5 million patients. In a statement, the hospital said it had determined the attacker had accessed parts of the UCLA Health system, which contained names, addresses, dates of births, social security numbers, medical record numbers, insurance information, as well as patients’ medical conditions, procedures, test results and medications. “We have notified and are working with the Federal Bureau of Investigation regarding this cyber attack,” said UCLA Health.
“We continue to investigate the attack with help from third-party computer forensics experts. There are indications that the attacker may have had access to the UCLA Health network as early as September 2014. Our investigation is on-going.”
The hospital noted that it has not found any evidence that the attacker actually accessed or acquired the personal or medical information on its network, but said it could not “conclusively rule out that possibility.” Tripwire Senior Security Analyst Ken Westin warns the lack of evidence may not necessarily mean the data was not extracted. "Healthcare and other organizations may simply not have the detective controls in place to collect evidence, or the attackers utilized advanced methods of exfiltration to avoid detection," said Westin. UCLA Health stated it is currently taking steps to protect data and has already made modifications to its network to help protect against future cyber attacks. “We take our responsibility to protect personal information entrusted to us very seriously,” added UCLA Health. According to reports, the hospital group has expanded its internal security team, and has engaged with a cybersecurity firm to actively monitor for signs of suspicious activity. Potentially affected individuals are in the process of being notified and are offered one free year of identity protection and credit monitoring services. “We recommend that potentially impacted individuals remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring credit reports,” said the hospital.
Healthcare providers, insurance companies and universities have become a common target for cybercriminals seeking large databases of personal information that can be easily sold on the underground black market.
"Similar to what we saw with retail when one mega breach led to another, as predicted, we are seeing a similar scenario play out in healthcare," Westin explains.
"Organized criminal syndicates have found ways to monetize data found in patient databases through various forms of fraud, as well as the fact that common vulnerabilities exist across healthcare organizations due to similarities in IT architecture, tools and data structures," Westin concluded.