Here are 10 takeaways about the UCSF ransomware attack and extortion payment, according to a June 26 statement from the university:
- UCSF IT staff detected a security incident that occurred in a limited part of the UCSF School of Medicine’s IT environment on June 1.
- The school isolated the incident from the core UCSF network, and the incident did not affect the university's patient care delivery operations, overall campus network, or COVID-19 work.
- The attack encrypted a limited number of servers within the School of Medicine.
- The university has been working with a cybersecurity consulting firm and other third-party experts to investigate the incident and reinforce security.
- UCSF expects to fully restore the affected servers soon.
- The attackers obtained some data as proof of their action, to use in their demand for a ransom payment.
- UCSF does not currently believe patient medical records were exposed.
- The encrypted data involves "academic work we pursue as a university serving the public good."
- The university made the "difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained."
- As additional facts become known, UCSF will provide further updates.

The UCSF statement about the ransomware attack was not attributed to any particular university official.