University of California, San Francisco

Your Personal Info Could Be Exposed Online After This Hospital Breach

Breach Description

UCSF Data Breach Incident

The University of California, San Francisco (UCSF) experienced a significant cybersecurity incident in June 2020. On June 1, UCSF IT staff detected a security incident within the UCSF School of Medicine’s IT environment. The attack involved ransomware, which is a type of malware that encrypts data on infected systems, rendering it inaccessible to users. The attackers used this malware to encrypt a limited number of servers within the School of Medicine, making them temporarily inaccessible[2][3][6][7][17][19].

UCSF responded by quarantining several IT systems within the School of Medicine as a safety measure and successfully isolated the incident from the core UCSF network. This action ensured that patient care delivery operations, the overall campus network, and COVID-19 work were not affected[2][3][6][7][17][19].

During the attack, the cybercriminals obtained some data as proof of their action, which they used to demand a ransom payment. UCSF engaged a leading cybersecurity consultant and other outside experts to investigate the incident and reinforce its IT systems’ defenses[2][3][6][7][17][19].

Despite the efforts to stop the attack and recover the encrypted data, UCSF made the difficult decision to pay a portion of the ransom, approximately $1.14 million, to the attackers. In exchange, UCSF received a tool to unlock the encrypted data and the return of the data the attackers had obtained[2][3][6][7][17][19].

The attackers, identified as the Netwalker ransomware group, initially demanded $3 million, but after negotiations, UCSF agreed to pay $1.14 million. The negotiations were followed in a live chat on the dark web, and the ransom was paid in Bitcoin[14][19].

UCSF has been working with law enforcement, including the FBI, on the investigation. They have also taken steps to restore the affected servers and reinforce their cybersecurity measures to prevent future incidents[2][3][6][7][17][19].

In addition to this incident, UCSF has experienced other security issues, such as an email phishing breach reported in April 2023, where patient identifiers and health information were compromised[21]. However, this breach is separate from the ransomware attack.

UCSF has notified individuals whose personal information may have been impacted by the cybersecurity incident and has established a dedicated phone line to provide information and assistance to those affected[16]. They have also alerted the California Department of Public Health and federal authorities, and are notifying the California Attorney General and the HHS Secretary[21].

The incident at UCSF is a reminder of the growing use of malware by cybercriminals around the world seeking monetary gain, and the challenges institutions face in protecting their IT environments from such attacks[2][3][6][7][17][19].

Citations:

  1. https://www.ucsf.edu/uc-data-breach-take-action-protect-yourself
  2. https://www.ucsf.edu/news/2020/06/417911/update-it-security-incident-ucsf
  3. https://www.hcinnovationgroup.com/cybersecurity/data-breaches/news/21144348/ucsf-pays-114m-ransom-to-stop-cyberattack-impacting-academic-work
  4. https://it.ucsf.edu/standard-guideline/ucsf-incident-investigation-procedures
  5. https://www.sfgate.com/bayarea/article/ucsf-employee-sentenced-using-tuition-money-18672766.php
  6. https://www.fiercehealthcare.com/tech/ucsf-pays-hackers-1-14m-to-regain-access-to-medical-school-servers
  7. https://www.securityweek.com/ucsf-pays-cybercriminals-114-million-recover-files-after-ransomware-attack/
  8. https://it.ucsf.edu/how-to/report-security-incident
  9. https://bnnbreaking.com/breaking-news/crime/ucsf-administrator-sentenced-for-15-million-tuition-fraud-scheme
  10. https://www.forbes.com/sites/daveywinder/2020/06/29/the-university-of-california-pays-1-million-ransom-following-cyber-attack/?sh=405d406018a8
  11. https://ohcp.ucsf.edu/report-privacy-incident
  12. https://it.ucsf.edu/standard-guideline/ucsf-650-16-addendum-c-ucsf-incident-investigation
  13. https://www.freep.com/story/news/local/michigan/2023/08/30/university-michigan-internet-outage-cyber-attack-malware/70715772007/
  14. https://www.bbc.com/news/technology-53214783
  15. https://it.ucsf.edu/how-to/security-incident-response-announcements
  16. https://www.ucsf.edu/news/2020/11/418981/ucsf-notifies-individuals-regarding-cybersecurity-incident
  17. https://www.cbsnews.com/sanfrancisco/news/cyber-attack-ucsf-medical-school-ransom/
  18. https://it.ucsf.edu/how-to/snvr
  19. https://www.zdnet.com/article/university-of-california-sf-pays-ransomware-hackers-1-14-million-to-salvage-research/
  20. https://it.ucsf.edu/directory/team/it-security
  21. https://www.ucsf.edu/news/2023/04/425266/ucsf-statement-email-phishing-breach
  22. https://oag.ca.gov/privacy/databreach/list

Breach Submission Date: Apr 26, 2023
Converted Entity Name: University of California, San Francisco
Converted Entity Type: Healthcare Provider
State: CA
Individuals Affected: 676
Breach Type: Hacking/IT Incident
Breach Information Location: Email
Business Associate Present: Yes