UCLA Health announced today that hackers had accessed parts of its computer network containing personal and medical information. The hack may have occurred as early as last September. The health system said it had not found evidence that any individual’s information had been accessed.

UCLA Health estimated that data on as many as 4.5 million individuals may have been exposed in the attack, believed to be the work of criminal hackers. The university detected suspicious activity in October and realized in May that the hackers had accessed parts of the network containing personal information.

UCLA said in a statement it is working with investigators from the Federal Bureau of Investigation and private computer forensic experts to further secure information on network servers.