University of California (UCLA) Health, which runs four hospitals, and drug retailer CVS Health’s photo service had millions of individuals’ private records exposed in a recent cyberattack, reports Reuters.
UCLA Health said that hackers breached its network on May 5, and had accessed systems that contained personal information on about 4.5 million patients and healthcare providers. On-going investigations have shown that attackers may have gained access as early as September 2014.
The organization says it’s working with the FBI as well as a cyber-surveillance firm to look into the breach and has expanded its internal security team to implement new measures to protect its network going forward.
UCLA Health has begun notifying potentially affected individuals by mail and is offering 12 months of identity theft recovery and restoration services as well as credit monitoring and a $1,000,000 insurance reimbursement policy and additional healthcare identity protection tools.
CVSPhoto, which offers photo printing services, noted that customer credit card information collected by an independent vendor that manages its site, may have been compromised. The service has been temporarily suspended.
It’s not yet clear if the two incidents were related. They are the latest in a string of attacks on US-based healthcare organizations.
Insurance firm Premera Blue Cross admitted in March that its systems containing 11 million customer records were breached. In February, health insurer Anthem found its database of 80 million records exposed in a cyber-attack.