LOS ANGELES -- UCLA Health said in a press release on Friday that it was a "victim of a criminal cyber attack," possibly compromising the records of 4.5 million people.
"While the attackers accessed parts of the computer network that contain personal and medical information, UCLA Health has no evidence at this time that the cyber attacker actually accessed or acquired any individual's personal or medical information," officials said in the release.
UCLA Health is working with the FBI, and it has also hired private computer forensic experts to secure information on network servers.
"Our patients come first at UCLA Health and confidentiality is a critical part of our commitment to care," said Dr. James Atkinson, the interim associate vice chancellor and president of the UCLA Hospital System, in a statement. "We sincerely regret any impact this incident may have on those we serve."
The investigation into the data breach began in October 2014 when staff noticed suspicious activity in its network. It was determined months later that the hackers had accessed parts of the network that contain personal information like names, addresses, dates of birth, Social Security numbers and medical record numbers.
Anyone potentially affected will receive a notification on what has happened, and UCLA Health is offering them 12 months of identity theft recovery and protection services at no cost.