UCLA hack Q&A: What you need to know

UCLA Health recently faced a cyberattack that could affect 4.5 million patients.

UCLA Health recently faced a cyberattack that could affect 4.5 million patients.

(Francine Orr / Los Angeles Times)

Up to 4.5 million people may have had their medical information stolen in a recent cyberattack on the UCLA Health System.

Here is what you need to know:

Who is at risk?

Hackers obtained access to parts of the UCLA Health network that contain personal and medical information for its system. However, there is no indication that any information was stolen, the hospital system said, but it couldn’t rule that out.


UCLA said they are working with the FBI and have hired private experts to help secure information on its servers.

There is no word on who performed the attack, but investigators believe it was a highly sophisticated offshore group.

What information was accessed?

Hackers had access to customers’ names, addresses, Social Security numbers, health insurance IDs and diagnosis and treatment records. This breach has potentially compromised personal information and medical records.

The investigation is ongoing and further details regarding the breach will be available at a later date.

How do I know if I was affected?


UCLA Health has been investigating suspicious activity on its network since October, but the intrusion wasn’t confirmed until May.

The hospital system said it would be sending letters to affected patients during the next few weeks, and it will offer 12 months of identity-theft protection services for all potentially affected customers.

Customers with more questions can call (877) 534-5972 or visit

What can I do to protect myself?

The sensitive information that was accessed can create the potential for identity theft.

UCLA Health recommends that users closely monitor their health insurance statements for any products or services they didn’t receive.

The California attorney general’s office recommends that customers who believe they are at risk should contact the three major credit bureaus and submit a fraud alert to protect against identity theft. They should also review credit reports.

It was also advised that customers do not provide personal information through email or phone calls from anyone claiming to be representing UCLA Health. Scammers and phishing attempts may try to take advantage of the situation to steal personal information.