UCLA Health is the latest healthcare organization to be hit by a data breach. The Los Angeles hospital and healthcare network says it discovered on May 5 that hackers had penetrated the parts of the UCLA Health system that contain personal information, like name, address, date of birth, social security number, medical record number, Medicare or health plan ID number, and some medical information (e.g., medical condition, medications, procedures, and test results).
UCLA said it notified the FBI but didn't say why it took it took more than two months to notify the 4.5 million patients whose records may have been accessed.
"We take our responsibility to protect personal information entrusted to us very seriously," UCLA said as it said the attacks may have started as early as September 2014.
Attorney General is concerned
California Attorney General Kamala D. Harris said the breach may pose a risk of sensitive information being compromised, including Social Security numbers (SSNs), separate health insurance IDs, diagnosis and treatment records, and payment information. Medical identity theft can affect both the victim’s finances and medical records.
Potentially impacted individuals should closely watch the Explanation of Benefits statements they receive from their health insurer. If the statement includes a service or product you did not receive, contact the insurer and ask for details. For more information, see First Aid for Medical Identity Theft.
Steps for Responding to Social Security Number Breach:
1. PLACE A FRAUD ALERT. Contact the three major credit bureaus and place a 90 day “fraud alert.” This helps protect you against the possibility of an identity thief opening new credit accounts in your name. When a merchant checks the credit history of someone applying for credit, the merchant gets an “alert” that there may be fraud on the account.
You will reach an automated telephone system. You will also be sent instructions on how to get a free copy of your report from each of the credit bureaus. Order the reports.
2. REVIEW YOUR CREDIT REPORTS. Look through each one carefully. Look for accounts you do not recognize, especially accounts opened since December 2014, when the Anthem breach occurred. Follow the instructions in the report for disputing any questionable information.
3. CONSIDER A SECURITY FREEZE. Placing a security freeze on your credit files offers longer-term protection. For information on how to do this, see “How to Freeze Your Credit Files” at www.oag.ca.gov/privacy/ info-sheets.
4. BE WARY OF PHISHING ATTEMPTS. If you get an email or call from someone claiming to be from Anthem and asking for your personal information, do not provide it. Scammers often take advantage of breaches by offering to help and actually seeking to steal your information. Check with Anthem through the phone number you usually use or one from the phone book, if you want to confirm that such a contact is legitimate.