UCSF pays ransom of $1.14 million to online hackers

by John R. Fischer, Senior Reporter | July 06, 2020

UCSF has paid approximately $1.14 million to online hackers who encrypted its servers and data needed for research.

The University of California, San Francisco has paid approximately $1.14 million to hackers behind a malware attack that compromised a number of its servers and data.

The incident occurred in a limited part of the UCSF School of Medicine's IT environment on June 1 and was detected and disclosed by UCSF IT staff two days later. The attack encrypted a number of servers, making them temporarily inaccessible.

“We quarantined several IT systems within the School of Medicine as a safety measure, and we successfully isolated the incident from the core UCSF network,” said the university in a statement. “Importantly, this incident did not affect our patient care delivery operations, overall campus network, or COVID-19 work.”

New Fully Configured 80-slice CT in 2 weeks with Software Upgrades for Life

For those who need to move fast and expand clinical capabilities -- and would love new equipment -- the uCT 550 Advance offers a new fully configured 80-slice CT in up to 2 weeks with routine maintenance and parts and Software Upgrades for Life™ included.

The university stopped the attack as it occurred and has since hired a cybersecurity consultant and other outside experts to investigate the incident and evaluate the defenses of its IT systems.

It believes the attack did not target a specific area, though attackers did obtain some data that they used as demand for a ransom payment. While it does not believe patient medical records were exposed, the university chose to pay the ransom, due to the information being important for academic work it conducts. In exchange, the attackers provided it with a tool to unlock and retrieve the encrypted data.

Ransomware attacks have cost healthcare organizations more than $157 million over the past five years, according to a report released in February by online services firm Comparitech. Another report by Microsoft found that several dozen hospitals have become especially vulnerable to such attacks on their gateway and VPN appliances as a result of the COVID-19 pandemic.

An incident in October led DCH Health System in Alabama to pay attackers, though it did not reveal the amount it paid. It also sent new patients to neighboring facilities in Birmingham and Mississippi until it could restore hospital operations and improve IT security.

“The ransomware attack continues to impact our ability to accept new patients,” DCH Health System spokesman Brad Fisher said at the time, adding that “we are investigating all options for securely and swiftly restoring our IT system.”

UCSF expects to fully restore the affected servers soon, and will provide further updates on the situation as the investigation proceeds.

Back to HCB News



You Must Be Logged In To Post A Comment Sign In If you've already created an account, use your email address and password to sign in using the form below. Login Problems: Click here if you are having login issues. Email address: Password: Forgot your password? Login Problems? View our Legal Notice and Privacy Notice Register Registration is Free and Easy. Enjoy the benefits of The World's Leading New & Used Medical Equipment Marketplace. Register Now!