UCLA Health announced this week that 1,242 patients are being notified about the theft of a faculty member’s laptop computer containing names, medical record numbers and health information used to prepare patient treatment plans.
According to UCLA, no Social Security numbers, health plan ID numbers, credit card numbers or other financial data were stored on the stolen laptop, which was password protected and was reported stolen on July 3.
UCLA Health officials said they immediately initiated an analysis of a backup disk made available by the faculty member—whose name was not released—to determine whether protected health or other restricted information was stored on the laptop and, if so, who was affected.
The review was completed on Aug. 14.
“At this time, there is no evidence that any individual’s personal or medical information stored on the laptop has been accessed, disclosed or used,” according to a UCLA Health statement. “UCLA Health has policies and programs in place to identify “red flags” or warnings of possible medical identity theft and inform patients when these are found.”
UCLA Health notified regulators of the theft and established a special phone line—(888) 236-0447—to provide information and assistance to those who receive notification letters.
It’s the second time this summer that UCLA Health has revealed a computer-related problem affecting patients.
On July 17, the health system reported that a cyber attack on its computer system may have exposed the records of up to 4.5 million people, but said there was no evidence that any personal or medical information was illegally accessed.
An investigation was launched last October when UCLA Health staff noticed “suspicious activity.” The health system notified the FBI and hired private forensic computer experts to investigate the breach.
On May 5, “UCLA Health determined that the attackers had accessed parts of the UCLA Health network that contain personal information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information,” according to UCLA. “Based on the continuing investigation, it appears that the attackers may have had access to these parts of the network as early as September 2014.”
The health system offered all of those potentially affected by the attack a year of identity theft recovery and restoration services. Patients whose Social Security or Medicare identification number were stored on the affected parts of the network were provided 12 months of free credit monitoring.
The breach prompted University of California President Janet Napolitano to order a review of UC cyber security systemwide.
