Written By Craig Hand And Presented By Ziften CEO Charles Leaver
UCLA Health Data Breach Likely Due To Inferior Security
UCLA Health revealed on July 17th 2015 that it was the victim of a health data breach affecting as many as 4.5 million patients at the 4 medical facilities it operates in the Southern California area. According to UCLA Health officials, Personally Identifiable Information (PII) and Protected Health Information (PHI) was accessed, but no evidence yet indicates that the data was stolen. This data went as far back as 1990. The officials also stated that there was no evidence at this time that any credit card or financial data was accessed.
“At this time” is the crucial phrase here. The information accessed (or perhaps taken; it’s definitely hard to know at this moment) is essentially useful for the life of that individual and potentially still useful after that individual’s death. The information exposed to the perpetrators included: names, addresses, contact numbers, Social Security Numbers, medical conditions, medications prescribed, medical treatments carried out, and test results.
Little is known about this cyber attack, like so many others we learn of but never hear any real details about. UCLA Health discovered unusual activity in sections of its network in October of 2014 (although access potentially started one month earlier), and immediately contacted the FBI. By May 2015, a full 7 months later, investigators determined that a data breach had actually occurred. Once again, officials claim that the attackers are more than likely highly sophisticated and not based in the USA. Finally, we the public get to hear about the breach a full 2 months later, on July 17, 2015.
It has been said many times that we as security professionals have to be right 100% of the time, while the attackers only have to find the 1% that we may not have been able to remedy. Based on our review of the breach, the bottom line is that UCLA Health had inferior security practices. One reason is the basic fact that the accessed data was not encrypted. We have had HIPAA for some time now, and UCLA is a well-regarded bastion of higher education, yet it still failed to protect data in the simplest ways. The claim that these were highly sophisticated individuals is also questionable, as so far no real evidence has been disclosed. After all, when was the last time a company that had been breached claimed it wasn’t the result of a “sophisticated” cyber attack? Even if they declare they have such proof, as members of the general public we won’t get to see it in order to verify it properly.
Since not enough information about the breach has been disclosed, it’s difficult to determine whether any system would have helped detect the breach sooner rather than later. Nevertheless, if the breach began with malware being delivered to and executed by a UCLA Health network user, the likelihood that Ziften could have helped discover the malware and potentially stop it would have been reasonably high. Ziften could also have alerted on suspicious, unknown, or known malware, as well as any communications the malware may have made in order to spread internally or to exfiltrate data to an external host.
When are we going to learn? As we all know, it’s not a matter of if, but when, organizations will be attacked. Smart organizations are preparing for the inevitable with detection and response capabilities that mitigate the damage.