A UCLA Health patient filed a class action suit against the health care provider Monday for inadequately storing personal and medical information.
The patient, Michael Allen, was a potential victim in a recent cyber attack against UCLA Health’s computer network. The attack may have exposed the personal and medical information of as many as 4.5 million patients.
Allen said in the lawsuit, which he filed against UCLA Health and the University of California Board of Regents, that he seeks monetary or statutory compensation and any form of relief UCLA Health and the Board of Regents can provide for patients affected by the cyber attack.
The lawsuit was filed in the United States District Court for the Central District of California.
UCLA officials said even though there is evidence hackers had access to the personal information, there is no evidence that the information was actually taken, said UCLA spokesman Tod Tamberg. UCLA is currently investigating the parts of the computer system that were involved in the cyber attack.
Tamberg said UCLA officials declined to comment about the ongoing lawsuit.
The cyber attack, announced last week, may have exposed patients’ personal and medical information, including names, addresses, dates of birth, Medicare or health plan ID numbers, Social Security numbers and medical record numbers.
The health care provider contacted the FBI in October after the provider detected suspicious activity. The investigation, concluded in May, said that the hackers may have had access to the information as early as September.
UCLA Chancellor Gene Block said in a press release that UCLA Health officials would notify patients on a rolling basis and offer them resources, such as 12 months of identity theft recovery and health care identity protection tools for those affected.
Other companies, including health care companies, have had lawsuits filed against them following cyber attacks, with mixed results.
Target customers filed lawsuits against the department store after it was announced in 2013 that their credit card information and addresses may have been stolen in a cyber attack. A judge approved a preliminary settlement in March that would give up to $10,000 to each customer who had information stolen.
In February, Anthem Blue Cross announced a cyber attack that exposed the personal and medical information of as many as 80 million patients, including UCLA students covered by the UC Student Health Insurance Plan. Several patients filed lawsuits asking for monetary compensation or other forms of relief, which are currently being evaluated.
Compiled by Alejandra Reyes-Velarde and Roberto Luna Jr., Bruin senior staff.