Cyber Incident Victim: University of California, Los Angeles
Date: Oct 2014
Location: United States of America
Summary
A cyberattack compromised UCLA Health's network, exposing personal and medical data of approximately 4.5 million individuals. The breach involved sensitive information including names, addresses, Social Security numbers, medical conditions, medications, procedures, and test results, and the organization confirmed that the exposed data was not encrypted. While no evidence confirmed data exfiltration, the institution acknowledged it could not definitively eliminate that possibility, heightening risks of identity theft or misuse. Affected individuals were being notified. The incident was another significant healthcare sector breach, following similar incidents impacting other major providers. The attackers remained unidentified, and the unencrypted nature of the stored data amplified potential consequences for victims.
Description
On July 17, 2015, UCLA Health disclosed a cyberattack that compromised the personal and medical data of approximately 4.5 million individuals. The breach involved unauthorized access to a network containing sensitive information, including names, addresses, Social Security numbers, medical conditions, prescribed medications, procedures performed, and test results. UCLA Health stated it had no conclusive evidence that data was exfiltrated but acknowledged it could not definitively rule out data theft. The organization confirmed the exposed data was stored without encryption, significantly increasing potential risks for affected individuals, as unencrypted data could be readily exploited for identity theft or fraud. Notification efforts for impacted individuals were underway at the time of the announcement, though the specific timeline of the attack and its discovery remained undisclosed.

The incident marked one of several major healthcare sector breaches in 2015, following high-profile attacks on Anthem and Premera Blue Cross, which collectively exposed records of tens of millions of Americans. UCLA Health did not attribute the attack to any specific threat actor or nation-state, contrasting with the Anthem breach earlier that year, where the FBI investigated potential state-sponsored involvement. The lack of encryption drew particular scrutiny, as it left sensitive health data exposed despite industry warnings about cybersecurity vulnerabilities in medical systems. No ransomware or financial motive was cited in UCLA’s disclosure, distinguishing it from some contemporaneous healthcare breaches. The breach underscored systemic risks in healthcare data stewardship: identifiers like Social Security numbers and medical histories are static, so compromised information can be exploited over the long term.
