On July 17th,  the UCLA Health System publicly disclosed that it had been hacked since  September of 2014 although the hack was discovered by UCLA on May 5th.  I reported the hacking on Scamicide shortly after the public announcement by UCLA.  The compromised information  is a treasure trove of data for identity thieves.  It included names, Social Security numbers, medical records, ID numbers and addresses on 4.5 million people.  But, as I always say, things aren’t as bad as you think — they are worse.  The stolen data was totally unencrypted making the threat to the people in the UCLA Health Systems computers more serious.

Medical identity theft can not only result in your financial life being threatened.  The mixing of medical records of the victim of the identity theft with the medical records of the identity thief utilizing the medical insurance can potentially be deadly, such as when a person might receive the wrong blood type in a transfusion or a drug to which they may be seriously allergic.  Again, compounding the problem, it can be extremely difficult or even impossible to remove the identity thief’s medical information from the victim’s medical records after the problem has been discovered due to quirks in the medical privacy laws.

Now the law firm of McCuneWright LLP has filed a lawsuit on behalf of one of the UCLA Health System patients, Miguel Ortiz and is seeking to have the lawsuit made a class action on behalf of all of the affected patients both past and present.  The lawsuit argues that UCLA was negligent in its actions.  This seems to be a  continuation of a new trend of people affected by data breaches suing the companies from whom their data was stolen when the companies have been negligent in protecting the data.


If you are one of the people affected by this data breach, UCLA should have already notified you by regular mail explaining your options.  They are not notifying people by email or text messages so if you receive such a communication, you should not click on any links contained in the email or text message because they have been sent by an identity thief as a phishing email attempting to lure you into downloading malware by clicking on the link.

Those people affected are being offered free credit monitoring for a year.  They also should monitor their financial and medical insurance accounts carefully for early indications of fraud.  Putting a credit freeze on their credit reports would also be a good step to take.  You can find more information about credit freezes here in the Scamicide archives.

Here is a link to a press release by UCLA which describes the data breach and your options.


However, if you are interested in more information about the class action lawsuit, you can contact McCuneWright LLP through this link:  http://www.mccunewright.com/contact.php