
- UCSF IT staff detected a security incident that occurred in a limited part of the UCSF School of Medicine’s IT environment on June 1.
- The school isolated the incident from the core UCSF network, and the incident did not affect the university's patient care delivery operations, overall campus network, or COVID-19 work.
- The attack encrypted a limited number of servers within the School of Medicine.
- The university has been working with a cybersecurity consulting firm and other third-party experts to investigate the incident and reinforce security.
- UCSF expects to fully restore the affected servers soon.
- The attackers obtained some data as proof of their action, to use in their demand for a ransom payment.
- UCSF does not currently believe patient medical records were exposed.
- The encrypted data involves "academic work we pursue as a university serving the public good."
- The university made the "difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained."
- As additional facts become known, UCSF will provide further updates.