Los Angeles-based UCLA Health reported it suffered a cyberattack that compromised the personal information of approximately 4.5 million people last week, and now the system is facing a potential class-action lawsuit over the breach.
The lawsuit was filed in U.S. District Court for the Central District of California on Monday and claims UCLA Health System Auxiliary failed to have proper security measures in place to prevent the data breach.
Michael Allen, a UCLA Health patient, filed the lawsuit. In his lawsuit, Mr. Allen alleges UCLA Health failed to adequately secure his private, personal financial information and the information of all others affected by the breach. Mr. Allen's lawsuit includes nine causes of action, including breach of contract and negligence claims.
The health system learned of the attack May 5. According to a Los Angeles Times report, the health system first saw unusual activity in a computer server in October 2014. An initial investigation suggested the cyberattacker had access to the UCLA Health's network since September 2014.
The hackers accessed parts of UCLA's network containing protected health information including names, addresses, birth dates, Social Security numbers, medical record numbers, health plan numbers, Medicare numbers and some medical information.
More articles on healthcare industry lawsuits:
7 latest healthcare industry lawsuits
Physician receives 45-year sentence for administering chemotherapy to healthy patients
Florida Hospital hit with two data breach lawsuits