UCLA Health System warns patients personal information was stolen


The UCLA Health System is warning thousands of patients that their personal information was stolen and they are at risk of possible identity theft, officials said in a statement released Friday.

Officials don’t believe the information has been accessed or misused but are referring patients to a data security company if their name and credit are affected.

Information from 16,288 patients was taken from the home of a physician whose house was burglarized Sept. 6, according to the UCLA Health System.


An earlier version of this article included a headline that said the stolen patient information was from 2001 through 2007. It was from 2007 through 2011.

The physician works for UCLA Faculty Practice Group, whose doctors see patients at the outpatient clinics and the four inpatient hospitals: Ronald Reagan UCLA Medical Center, Santa Monica UCLA Medical Center and Orthopedic Hospital, Mattel Children’s Hospital and Resnick Neuropsychiatric Hospital.

The stolen patient data included first and last names as well as some birth dates, medical record numbers, addresses and medical information, officials said. It did not include Social Security numbers, credit card numbers or insurance details. The information was from 2007 through 2011.

The data were on the physician’s external hard drive, officials said. Though the hard drive was encrypted, a piece of paper with the password was nearby and is also missing. The physician notified UCLA the next day and officials began identifying patients affected.

The theft is not the first breach at UCLA. Between 2005 and 2009, hospital officials were repeatedly caught and fired for reviewing, without authorization, the medical records of dozens of celebrities, including Britney Spears and Farrah Fawcett. That prompted a state law imposing escalating fines on hospitals for patient privacy lapses. State regulators later fined Ronald Reagan UCLA Medical Center in connection with privacy breaches involving the records of Michael Jackson.

In the statement, UCLA officials said they would review the hospital’s policies and make any fixes necessary. They have contracted with a data security firm to work with patients and notified the U.S. Department of Health and Human Services Office for Civil Rights, which has previously investigated privacy violations at the hospitals.

“UCLA’s concern for its patients is absolute, and we deeply regret any breach of confidentiality and the stress and concern it might cause our patients,” the statement said.