Chuck Leaver – The Same Old Story With The UCLA Health Data Breach

Written By Craig Hand And Presented By Ziften CEO Charles Leaver

UCLA Health Data Breach Probably Down To Poor Security

UCLA Health revealed on July 17th 2015 that it was the victim of a health data breach affecting as many as 4.5 million healthcare customers from the four medical facilities it runs in the Southern California region. As stated by UCLA Health officials, Personally Identifiable Information (PII) and Protected Health Information (PHI) was accessed, but no evidence yet suggests that the data was stolen. This data went as far back as 1990. Officials also stated that there was no proof, at this time, that any credit card or financial data was accessed.

“At this time” is the key phrase here. The information accessed (or possibly stolen; it’s genuinely impossible to know at this point) is useful to a criminal for the lifetime of the person concerned and potentially remains useful after that person’s death. The information available to the criminals consisted of: Names, Addresses, Contact numbers, Social Security Numbers, Medical condition, Medications prescribed, Medical treatments performed, and test outcomes.

Little is known about this cyber attack, as with many others we hear about but never get any real details on. UCLA Health discovered unusual activity in parts of its network in October of 2014 (although access may have started one month earlier) and immediately contacted the FBI. By May 2015 – a full 7 months later – investigators determined that a data breach had taken place. Once again, officials claim that the attackers were most likely highly sophisticated and based outside the country. Finally, we the general public get to hear about the breach a full 2 months after that, on July 17, 2015.

It’s been said numerous times before that we as security professionals need to be correct 100% of the time, while the cyber criminals just have to find that 1% that we may not be able to remedy. Based on our investigation of the breach, the bottom line is that UCLA Health had inferior security practices. One reason is the simple fact that the data accessed was not encrypted. We have had HIPAA for a while now, and UCLA is a well-regarded bastion of higher education, yet it still failed to safeguard data in the simplest ways. The claim that these were highly sophisticated attackers is also suspect, as so far no genuine evidence has been produced. After all, when was the last time that a breached organization declared the attack was not “sophisticated”? Even if they claim to have such evidence, as members of the general public we won’t get to see it in order to vet it properly.

Since not enough information about the breach has been disclosed, it’s hard to determine whether any system would have helped detect the breach sooner rather than later. However, if the breach started with malware being delivered to and executed by a UCLA Health network user, the likelihood that Ziften could have helped find the malware, and potentially stopped it, would have been fairly high. Ziften could likewise have alerted on suspicious, unknown, or known malware, as well as on any communications the malware made in order to spread internally or to exfiltrate data to an external host.
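As an added illustration of the two behaviours just mentioned, internal spread and exfiltration to an external host, the following script runs two simple detections over constructed endpoint telemetry. This is example code written for this post, not Ziften’s product or anything from the UCLA Health investigation; the telemetry format, the hash values, the allowlist and the thresholds are all invented for the example.

```python
"""Added illustration (not Ziften's code): two simple detections over
constructed endpoint telemetry, flagging (1) an unknown binary that appears
on many hosts and (2) an unknown binary sending a large volume of data to
an external address."""
import ipaddress
from collections import defaultdict

# Constructed sample telemetry: (host, process name, hash placeholder,
# destination ip, bytes sent). Every value here is invented for the example;
# 203.0.113.0/24 is the documentation range TEST-NET-3, used as "external".
SAMPLE_EVENTS = [
    ("ws-101", "outlook.exe", "aaaa1111", "10.0.5.20", 12_000),
    ("ws-101", "svchost.exe", "bbbb2222", "10.0.5.21", 900),
    ("ws-101", "updsvc.exe", "dddd4444", "10.0.9.14", 2_000),    # unknown binary
    ("ws-102", "updsvc.exe", "dddd4444", "10.0.9.15", 2_000),    # ...on several hosts
    ("ws-103", "updsvc.exe", "dddd4444", "10.0.9.16", 2_000),
    ("ws-104", "updsvc.exe", "dddd4444", "203.0.113.7", 850_000_000),  # large external send
    ("ws-105", "outlook.exe", "aaaa1111", "203.0.113.9", 40_000),      # known good, ignored
]

# Hashes of binaries the organisation has vetted (constructed allowlist).
KNOWN_GOOD = {"aaaa1111", "bbbb2222"}

SPREAD_HOST_THRESHOLD = 3            # unknown binary on this many hosts => alert
EXFIL_BYTES_THRESHOLD = 100_000_000  # 100 MB outbound from an unknown binary => alert

# RFC 1918 plus loopback; anything else is treated as "external" here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_external(ip: str) -> bool:
    """True when the address is not in any of the internal ranges above."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def detect_spread(events, known_good=KNOWN_GOOD, threshold=SPREAD_HOST_THRESHOLD):
    """Return {hash: sorted hosts} for unknown binaries seen on >= threshold hosts."""
    hosts_by_hash = defaultdict(set)
    for host, _name, sha, _dst, _sent in events:
        if sha not in known_good:
            hosts_by_hash[sha].add(host)
    return {sha: sorted(h) for sha, h in hosts_by_hash.items() if len(h) >= threshold}


def detect_exfil(events, known_good=KNOWN_GOOD, threshold=EXFIL_BYTES_THRESHOLD):
    """Return {(hash, dst): bytes} for unknown binaries sending >= threshold bytes externally."""
    sent_by_key = defaultdict(int)
    for _host, _name, sha, dst, sent in events:
        if sha not in known_good and is_external(dst):
            sent_by_key[(sha, dst)] += sent
    return {k: v for k, v in sent_by_key.items() if v >= threshold}


def run(events=SAMPLE_EVENTS):
    """Run both detections and return a list of human-readable alert lines."""
    alerts = []
    for sha, hosts in detect_spread(events).items():
        alerts.append(f"SPREAD: unknown binary {sha} executed on "
                      f"{len(hosts)} hosts: {', '.join(hosts)}")
    for (sha, dst), sent in detect_exfil(events).items():
        alerts.append(f"EXFIL: unknown binary {sha} sent {sent:,} bytes to external host {dst}")
    return alerts


if __name__ == "__main__":
    for line in run():
        print(line)
```

Both detections key on the binary’s hash rather than its name, because a renamed binary keeps its hash; the internal-range check is explicit rather than relying on a library’s notion of “private”, so that documentation ranges used in the sample count as external. Real telemetry would need an allowlist maintained from a software inventory and thresholds tuned to the environment’s normal traffic.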

When are we going to learn? As we all understand, it’s not a matter of if, but when, organizations will be breached. Smart organizations are preparing for the inevitable with detection and response systems that reduce the damage.

~leaverchuck1
