Written By Craig Hand And Presented By Ziften CEO Chuck Leaver
UCLA Health Data Breach Likely Due To Inferior Security
UCLA Health revealed on July 17th 2015 that it was the victim of a health data breach affecting as many as 4.5 million patients from the 4 hospitals it runs in the Southern California area. According to UCLA Health officials, Personally Identifiable Information (PII) and Protected Health Information (PHI) was accessed, but no evidence yet suggests that the data was taken. This data went as far back as 1990. Officials also stated that there was no evidence, at this time, that any credit card or financial data was accessed.
“At this time” is the key phrase here. The information accessed (or possibly taken; it is impossible to know at this point) remains useful for the lifetime of the affected individual and potentially even after that person's death. The information available to the criminals included: names, addresses, phone numbers, Social Security Numbers, medical conditions, medications prescribed, medical procedures carried out, and test results.
Little is known about this cyber attack, as with so many others we learn of but never hear any real details about. UCLA Health found unusual activity in segments of its network in October of 2014 (although access may have begun one month earlier) and immediately called the FBI. Finally, by May 2015 – a full 7 months later – investigators stated that a data breach had actually occurred. Again, officials claim that the attackers were most likely highly sophisticated and located outside the USA. Finally, we the public get to hear about the breach a full 2 months later, on July 17, 2015.
It has been said many times before that we as security practitioners need to be correct 100% of the time, while the cyber criminals need only find the 1% that we might not be able to remedy. Based on our research into the breach, the bottom line is that UCLA Health had inferior security practices. One reason is the basic fact that the data accessed was not encrypted. We have had HIPAA for some time now, and UCLA is a renowned bastion of higher education, yet it still failed to protect data in the simplest of ways. The claim that the attackers were extremely sophisticated is likewise suspect, as no real evidence has been produced so far. After all, when was the last time a breached organization claimed the attack was not “sophisticated”? Even if they claim to have such evidence, as members of the general public we will not get to see it and verify it properly.
Since not enough information about the breach has been disclosed, it is difficult to determine whether any solution would have helped discover the breach sooner rather than later. However, if the breach began with malware being delivered to and executed by a UCLA Health network user, the likelihood that Ziften could have helped discover the malware, and potentially stop it, would have been reasonably high. Ziften could also have alerted on suspicious, unknown, or known malware, as well as on any communications the malware made in order to spread internally or to exfiltrate data to an external host.
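The kind of endpoint detection logic that paragraph describes, as an added illustration that is not Ziften's code or anything from the UCLA Health investigation: each process event carries the binary's hash and the connections it made, the hash is checked against reputation lists, and an unknown or known-bad binary is flagged when it sends data to hosts outside the internal address ranges (possible exfiltration) or touches file-sharing and remote-administration ports on several internal hosts (possible internal spread). The hashes, hostnames, addresses and thresholds are all constructed for the example.

```python
"""Endpoint detection sketch: flag unknown or known-bad binaries and the
network activity they generate. Added example with constructed telemetry."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List

# Constructed reputation lists; the hashes are placeholders, not real samples.
KNOWN_GOOD = {"a" * 64: "svchost.exe", "b" * 64: "outlook.exe"}
KNOWN_BAD = {"c" * 64: "constructed-malware-sample"}

# RFC 1918 ranges treated as the organisation's internal network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LATERAL_PORTS = {135, 445, 3389, 5985}   # file sharing / remote admin services
EXFIL_BYTES = 5_000_000                   # outbound volume that escalates severity
LATERAL_HOSTS = 3                         # distinct internal hosts before we alert


@dataclass
class Connection:
    dst_ip: str
    dst_port: int
    bytes_out: int


@dataclass
class ProcessEvent:
    host: str
    image: str
    sha256: str
    connections: List[Connection]


def classify(sha256: str) -> str:
    """Reputation verdict for a binary hash."""
    if sha256 in KNOWN_BAD:
        return "known_bad"
    if sha256 in KNOWN_GOOD:
        return "known_good"
    return "unknown"


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def assess(ev: ProcessEvent) -> List[Dict[str, str]]:
    """Return alerts for one process event (empty list if nothing to report)."""
    alerts = []
    verdict = classify(ev.sha256)
    if verdict == "known_bad":
        alerts.append({"host": ev.host, "severity": "high",
                       "reason": f"known malicious binary {ev.image}"})
    if verdict == "known_good":
        return alerts  # trusted code; its traffic is not examined in this sketch

    # Exfiltration check: any bytes from an unvetted binary to an external host.
    ext_bytes = sum(c.bytes_out for c in ev.connections if not is_internal(c.dst_ip))
    if ext_bytes > 0:
        sev = "high" if ext_bytes >= EXFIL_BYTES else "medium"
        alerts.append({"host": ev.host, "severity": sev,
                       "reason": f"{verdict} binary {ev.image} sent {ext_bytes} bytes "
                                 f"to external hosts"})

    # Internal-spread check: admin/file-sharing ports on several internal hosts.
    targets = {c.dst_ip for c in ev.connections
               if is_internal(c.dst_ip) and c.dst_port in LATERAL_PORTS}
    if len(targets) >= LATERAL_HOSTS:
        alerts.append({"host": ev.host, "severity": "medium",
                       "reason": f"{verdict} binary {ev.image} reached admin ports "
                                 f"on {len(targets)} internal hosts"})
    return alerts


# Constructed telemetry: one benign event, one unknown binary spreading and
# exfiltrating, one known-bad binary beaconing out (documentation IP ranges).
SAMPLE_EVENTS = [
    ProcessEvent("ws-01", "outlook.exe", "b" * 64,
                 [Connection("203.0.113.10", 443, 2_000_000)]),
    ProcessEvent("ws-02", "update_helper.exe", "d" * 64,
                 [Connection("10.0.0.5", 445, 1_000),
                  Connection("10.0.0.6", 445, 1_000),
                  Connection("10.0.0.7", 3389, 500),
                  Connection("198.51.100.20", 443, 8_000_000)]),
    ProcessEvent("srv-03", "svc.exe", "c" * 64,
                 [Connection("198.51.100.21", 443, 100)]),
]


def run(events: List[ProcessEvent] = SAMPLE_EVENTS) -> List[Dict[str, str]]:
    return [a for ev in events for a in assess(ev)]


if __name__ == "__main__":
    for alert in run():
        print(alert["severity"].upper(), alert["host"], alert["reason"])
```

In a real deployment the reputation lists would come from a threat-intelligence feed plus the organisation's own software inventory, and the internal-range list would match the site's actual addressing; the point of the sketch is that an unvetted binary's network behaviour, not just its hash, is what surfaces both internal spread and exfiltration.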
When are we going to learn? As we all know, it is not a matter of if, but when, organizations will be attacked. Smart organizations are preparing for the inevitable with detection and response solutions that limit the damage.