University of California, San Francisco
Your Personal Info Could Be Exposed Online After This Hospital Breach
Breach Description
UCSF Data Breach Incident
The University of California, San Francisco (UCSF) experienced a significant cybersecurity incident in June 2020. On June 1, UCSF IT staff detected a security incident within the UCSF School of Medicine’s IT environment. The attack involved ransomware, which is a type of malware that encrypts data on infected systems, rendering it inaccessible to users. The attackers used this malware to encrypt a limited number of servers within the School of Medicine, making them temporarily inaccessible[2][3][6][7][17][19].
UCSF responded by quarantining several IT systems within the School of Medicine as a safety measure and successfully isolated the incident from the core UCSF network. This action ensured that patient care delivery operations, the overall campus network, and COVID-19 work were not affected[2][3][6][7][17][19].
During the attack, the cybercriminals obtained some data as proof of their action, which they used to demand a ransom payment. UCSF engaged a leading cybersecurity consultant and other outside experts to investigate the incident and reinforce its IT systems’ defenses[2][3][6][7][17][19].
Despite the efforts to stop the attack and recover the encrypted data, UCSF made the difficult decision to pay a portion of the ransom, approximately $1.14 million, to the attackers. In exchange, UCSF received a tool to unlock the encrypted data and the return of the data the attackers had obtained[2][3][6][7][17][19].
The attackers, identified as the Netwalker ransomware group, initially demanded $3 million, but after negotiations, UCSF agreed to pay $1.14 million. The negotiations were followed in a live chat on the dark web, and the ransom was paid in Bitcoin[14][19].
UCSF has been working with law enforcement, including the FBI, on the investigation. They have also taken steps to restore the affected servers and reinforce their cybersecurity measures to prevent future incidents[2][3][6][7][17][19].
In addition to this incident, UCSF has experienced other security issues, such as an email phishing breach reported in April 2023, where patient identifiers and health information were compromised[21]. However, this breach is separate from the ransomware attack.
UCSF has notified individuals whose personal information may have been impacted by the cybersecurity incident and has established a dedicated phone line to provide information and assistance to those affected[16]. They have also alerted the California Department of Public Health and federal authorities, and are notifying the California Attorney General and the HHS Secretary[21].
The incident at UCSF is a reminder of the growing use of malware by cybercriminals around the world seeking monetary gain, and the challenges institutions face in protecting their IT environments from such attacks[2][3][6][7][17][19].
Citations:
[1] https://www.ucsf.edu/uc-data-breach-take-action-protect-yourself
[2] https://www.ucsf.edu/news/2020/06/417911/update-it-security-incident-ucsf
[3] https://www.hcinnovationgroup.com/cybersecurity/data-breaches/news/21144348/ucsf-pays-114m-ransom-to-stop-cyberattack-impacting-academic-work
[4] https://it.ucsf.edu/standard-guideline/ucsf-incident-investigation-procedures
[5] https://www.sfgate.com/bayarea/article/ucsf-employee-sentenced-using-tuition-money-18672766.php
[6] https://www.fiercehealthcare.com/tech/ucsf-pays-hackers-1-14m-to-regain-access-to-medical-school-servers
[7] https://www.securityweek.com/ucsf-pays-cybercriminals-114-million-recover-files-after-ransomware-attack/
[8] https://it.ucsf.edu/how-to/report-security-incident
[9] https://bnnbreaking.com/breaking-news/crime/ucsf-administrator-sentenced-for-15-million-tuition-fraud-scheme
[10] https://www.forbes.com/sites/daveywinder/2020/06/29/the-university-of-california-pays-1-million-ransom-following-cyber-attack/?sh=405d406018a8
[11] https://ohcp.ucsf.edu/report-privacy-incident
[12] https://it.ucsf.edu/standard-guideline/ucsf-650-16-addendum-c-ucsf-incident-investigation
[13] https://www.freep.com/story/news/local/michigan/2023/08/30/university-michigan-internet-outage-cyber-attack-malware/70715772007/
[14] https://www.bbc.com/news/technology-53214783
[15] https://it.ucsf.edu/how-to/security-incident-response-announcements
[16] https://www.ucsf.edu/news/2020/11/418981/ucsf-notifies-individuals-regarding-cybersecurity-incident
[17] https://www.cbsnews.com/sanfrancisco/news/cyber-attack-ucsf-medical-school-ransom/
[18] https://it.ucsf.edu/how-to/snvr
[19] https://www.zdnet.com/article/university-of-california-sf-pays-ransomware-hackers-1-14-million-to-salvage-research/
[20] https://it.ucsf.edu/directory/team/it-security
[21] https://www.ucsf.edu/news/2023/04/425266/ucsf-statement-email-phishing-breach
[22] https://oag.ca.gov/privacy/databreach/list