UCLA Health cyber attack class action settlement

March 21, 2019
LOS ANGELES, March 21, 2019 /PRNewswire/ -- Class-action litigation arising from a cyber attack announced in July 2015 by UCLA Health has been settled by mutual agreement of the plaintiffs and The Regents of the University of California. On February 21, 2019, the judge overseeing the case granted preliminary approval of the proposed settlement, which provides long-term protection for the current and former patients whose personal information was in the attacked computer network.

Under the proposed settlement, UCLA Health admits no wrongdoing. It maintains that it was not liable for the cyber attack and that, following an extensive investigation, there continues to be no evidence that the cyber attackers actually accessed or acquired personal or medical information. The parties are entering into this agreement to avoid the expense of further litigation and to provide benefits to the individuals whose information was maintained in UCLA Health's computer network.

The proposed settlement terms include:

Two years of free credit monitoring, identity protection services, an insurance package and related benefits available to all settlement class members even if they previously obtained the one-year credit monitoring package offered by UCLA Health in 2015.
A $2 million fund that will be used to reimburse settlement class members who incurred costs seeking to protect against, or remedy, identity theft.
$5.5 million beyond currently budgeted spending – plus any money remaining in the claims reimbursement fund – for the purpose of expediting and implementing cybersecurity enhancements to the UCLA Health computer network.
An independent settlement administrator will manage the settlement and claims process overseen by the judge.

Protecting patient privacy is essential to UCLA's mission. Maintaining data security requires constant vigilance, and UCLA Health applies extensive resources and works with leading experts to enhance preparedness and combat the ongoing threat of cyber attacks.


SOURCE Superior Court, County of Los Angeles