UCLA will pay $7.5 million in claims, cyber enhancements to settle 2015 breach

When it occurred in July 2015, it was the fourth-biggest healthcare data breach to date – and nearly four years of regular cyberattacks later, it's still in the top five. Now, to settle with some 4.5 million UCLA Health System patients whose records, most of them unencrypted, were compromised after hackers gained access to the network, UCLU will pay $7.5 million. According to the settlement agreement, in addition to the usual credit monitoring, identity theft protection and insurance (two years' worth), UCLA Heath will create a $2 million fund to help reimburse claimants for any preventive or remedial measures related to identity theft. To bolster its cyber defenses and, ideally, help prevent any similar data breaches going forward, the health system will also earmark $5.5 million, "beyond currently budgeted spending – plus any money remaining in the claims reimbursement fund – for the purpose of expediting and implementing cybersecurity enhancements to the UCLA Health computer network."