After a series of other healthcare system data breaches, UCLA Health System is the latest to suffer a major data breach — along with a class action lawsuit. Consumer Affairs reports that UCLA uncovered the breach at the beginning of May, yet waited until July 17 to notify the general public. As of July 21, The National Law Review reports that former patient and plaintiff Michael Allen filed a class action lawsuit against the healthcare system on July 21.
This lawsuit alleges that UCLA did not prevent the breach due to a lack safeguards in place to protect personal and sensitive information. Hackers were able to access patients social security numbers, medical record numbers, addresses, names, dates of birth and more. This breach is estimated to have affected around 4.5 million former patients.
In the healthcare system's press release, it first noticed suspicious network activity around October 2014. Soon afterwards, it began an investigation with the help of the FBI and first it was determined that the hackers had not accessed any sensitive information. However, after further investigation it was found that attackers may have gained access to the information in September 2014. It was not until May that UCLA was aware of the extent of the breach.
"The UCLA breach illustrates another area of concern: the ability of entities to effectively investigate potential breaches," The National Law Review writes. "… UCLA's investigation spanned a number of months, giving the hackers more time to nefariously use the information before countermeasures could be taken. This point was not lost on the plaintiff in the class action, with the complaint describing UCLA's response as 'dilatory' and accusing the system of delaying its notification to individual consumers."
Companies that are interested in protecting personal information should invest in a secure credit card payment processor from 911 Software today.