Up to 4.5 million people’s private health records may have been compromised by a cyber attack on the UCLA Health System. While the health care system announced last week that hackers infiltrated parts of its network that include medical and personal information on millions of customers, it is not sure whether the hackers were able to access or steal the data. 

See also: The 10 most expensive data breaches

The announcement is the first time UCLA has made public its long-held suspicions that its system had been targeted by a criminal scheme. According to a release by the university, it first contacted the FBI in October, and had been coordinating with law enforcement to investigate possible security breaches. While malicious behavior seemed apparent, UCLA was not sure until May that hackers had accessed parts of its system with sensitive information. 

In an apparent justification of the delayed announcement, UCLA noted in its statement that cyber attacks happen daily in the world of health care, saying that it fights off millions of attempted hacks of its system every year. 

The health care provider, which oversees four hospitals and over 150 primary and specialty care offices in California, is in the process of notifying those whose information may have been swiped. It plans to offer all such customers a year of identity theft recovery and restoration services. Anyone whose Social Security or Medicare identification numbers may have been compromised will receive a year of credit monitoring. 

“We sincerely regret any impact this incident may have on those we serve,” said James Atkinson, the interim associate vice chancellor and president of the UCLA Hospital System, in a statement. “We have taken significant steps to further protect data and strengthen our network against another cyber attack.”