UCLA Health breach notification results in confusion, more breaches?

The massive breach at UCLA Health was bad enough, but now it looks like their breach notification resulted not only in confusion, but a second  HIPAA privacy breach. Lisa Zamosky reports:

Steve Reasner recently learned that because he is a patient at UCLA Health, his personal information may now be in the hands of criminals. The health system’s computer network suffered a cyberattack affecting the personal information of as many as 4.5 million people.

The attack was worrisome. But so was the way he learned about it. He received nine separate letters from UCLA, all of which were addressed to other people. So he called to inquire about his medical data and was told he wasn’t among those affected.

He wasn’t sold.

“All of our doctors are at UCLA. I knew for sure that was an incorrect statement,” says the Westwood resident, who works in technology business development.

Two weeks later he received a letter saying that, in fact, his information was part of the cyberattack.

Read more on L.A. Times.

About the author: Dissent