Data leak

UCLA Health Data Breach (4.5M Patients, APT)

📅 2014-09-01

Incident Details

UCLA Health, one of the leading academic medical centers in the United States, disclosed in July 2015 that attackers had accessed parts of its network containing personal and medical information for approximately 4.5 million individuals. The attackers first accessed the network as early as September 2014 and were detected in May 2015. Exposed data included names, addresses, dates of birth, Social Security numbers, Medicare or health plan ID numbers, medical record numbers, and some medical information such as diagnoses, procedures, test results, and medications. The breach was part of a wave of healthcare sector intrusions by Chinese state-sponsored threat actors also responsible for the Anthem breach (January 2015, 78.8M records) and Premera Blue Cross breach (disclosed March 2015, 11M records). In 2016, HHS OCR issued guidance around the healthcare industry’s vulnerability to nation-state attackers. UCLA Health settled a class action lawsuit for $7.5 million in 2016.

Technical Details

Initial Attack Vector
Nation-state attackers (believed to be a Chinese APT group) gained access to UCLA Health's network and moved laterally to unencrypted parts of the network containing patient data; the initial access vector has not been publicly confirmed.

Timeline

  1. 2014-09-01 Breach occurred
  2. 2015-07-17 Publicly disclosed
  3. 2015-07-17 Customers notified