Written By Craig Hand And Presented By Ziften CEO Chuck Leaver
UCLA Health Data Breach Likely Due To Poor Security
UCLA Health revealed on July 17th 2015 that it was the victim of a health data breach impacting as many as 4.5 million health care customers from the four medical facilities it runs in the Southern California area. According to UCLA Health authorities, Personally Identifiable Information (PII) and Protected Health Information (PHI) was accessed but no proof yet suggests that the data was stolen. This data went as far back as 1990. The officials also mentioned that there was no proof at this time, that any charge card or monetary data was accessed.
“At this time” is essential here. The info accessed (or possibly stolen, its definitely difficult to understand at this point) is essentially good for the life of that individual and potentially still beneficial past the death of that person. The details offered to the perpetrators included: Names, Addresses, Phone numbers, Social Security Numbers, Medical condition, Medications prescribed, Medical procedures performed, and test outcomes.
Little is known about this cyber attack similar to many others we discover however never hear any real information on. UCLA Health found uncommon activity in sectors of their network in October of 2014 (although access potentially began one month previously), and immediately called the FBI. Finally, by May 2015 – a full 7 months later on – detectives mentioned that a data breach had occurred. Once again, authorities declare that the assailants are more than likely highly advanced, and not in the United States. Finally, we the general public get to become aware of a breach a complete two months later on July 17, 2015.
It’s been stated numerous times before that we as security experts need to be certain 100% of the time, while the bad guys only have to find that 1% that we may not have the ability to remedy. Based on our investigation about the breach, the bottom line is UCLA Health had poor security practices. One reason is based upon the basic reality that the data accessed was not encrypted. We have actually had HIPAA now for some time, UCLA is a well renowned bastion of Higher Education, yet still they cannot secure data in the easiest methods. The claim that these were extremely advanced people is likewise suspicious, as so far no genuine proof has been disclosed. After all, when is the last time that a company that has been breached declared it wasn’t from an “advanced” cyber attack? Even if they declare they have such evidence, as members of the general public we won’t see it in order to vet it properly.
Because there isn’t enough disclosed info about the breach, its tough to figure out if any solution would have assisted in discovering the breach faster rather than later on. However, if the breach started with malware being delivered to and launched by a UCLA Health network user, the likelihood that Ziften could have assisted in discovering the malware and potentially stopping it would have been fairly high. Ziften might have likewise alerted on suspicious, unidentified, or understood malware as well as any interactions the malware might have made in order to spread out internally or to exfiltrate data to an external host.
When are we going to learn? As we all understand, it’s not a matter of if, however when, companies will be attacked. Smart companies are getting ready for the inescapable with detection and response services that mitigate damage.