A major cyberattack on the University of California, Los Angeles hospital put at risk the personal information for at least 4.5 million people, officials said Friday.

UCLA Health said in a statement that while there’s no evidence hackers acquired personal or medical data, it cannot be ruled out yet. Officials say they are working with the FBI to track down the source of the attacks.

The FBI said in a statement that the agency was looking into the nature and scope of the cyberattack, as well as the person or group responsible.

University of California President Janet Napolitano ordered an outside cybersecurity group to assess the computer security system throughout the UC system and look for potential vulnerabilities.

The months-long attack started as early as September 2014 as hackers accessed a UCLA Health network that contains “personal information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information," the UCLA statement said.

UCLA Health has hired private computer forensic experts to further secure information at its four hospitals. Free identity-protection services will be offered to people who may have been affected.

"We sincerely regret any impact this incident may have on those we serve," said Dr. James Atkinson, UCLA Health's interim associate vice chancellor and president. "We have taken significant steps to further protect data and strengthen our network against another cyber-attack."

UCLA Health includes four hospitals on two campuses — Ronald Reagan UCLA Medical Center; UCLA Medical Center, Santa Monica; Mattel Children's Hospital UCLA; and Resnick Neuropsychiatric Hospital at UCLA — and more than 150 primary and specialty offices throughout Southern California.

The Associated Press contributed to this report.