UCLA Health System failed to properly secure its records and quickly notify as many as 4.5 million patients in a recent hacking incident, a new lawsuit contends.
A Redlands law firm has filed a lawsuit on behalf of Los Angeles resident Miguel Ortiz, a patient of UCLA since 2011, seeking class-action status on behalf of all current and former patients of the health system.
Experts have already criticized UCLA for not encrypting patient data after Anthem Inc. was hacked earlier this year. The vulnerable information contained names, dates of birth, Social Security numbers, health plan identification numbers, and medical information including patient procedures and diagnoses.
UCLA said it is working with the FBI and cybersecurity firms to upgrade security, and it provided patients with a year's worth of identity theft protection. The health system declined to comment on the lawsuit. It does not comment on pending lawsuits, said spokesman Tod Tamberg.
The health system noticed suspicious activity on its computer servers in October 2014 and on May 5 investigators discovered that hackers gained access to patient data, but the public wasn’t notified until July 17.
The lawsuit contends that patients were not notified in a timely manner and that UCLA’s lack of action violated multiple consumer and privacy protection laws.
Ortiz, represented by Redlands attorney Richard McCune, is requesting that UCLA update its security measures, notify all patients who have not been informed of the hack, and provide monetary compensation for those affected.