UCSF pays $1.14 million to decrypt files after ransomware attack

By | June 30, 2020

UCSF on Friday announced that it had “made the difficult decision” to pay a $ 1.14 million ransom and unlock the important data that had been encrypted in a ransomware attack earlier this month.

WHY IT MATTERS
On June 3, IT staff at UCSF School of Medicine detected a security incident that had occurred two days earlier, said school officials in a statement.

“We quarantined several IT systems within the School of Medicine as a safety measure, and we successfully isolated the incident from the core UCSF network. Importantly, this incident did not affect our patient care delivery operations, overall campus network, or COVID-19 work,” officials noted.

HIMSS20 Digital

Learn on-demand, earn credit, find products and solutions. Get Started >>

Even as that attack was stopped, however, the perpetrators launched a malware program that encrypted some servers. UCSF officials note that IT and security staff have been working with an outside consultant and hope to restore access to the servers and shore up its defenses in general.

The school says it is continuing to investigate the incident, but say it believes that the malware was propagated “opportunistically, with no particular area being targeted.” Likewise, they said, “we do not currently believe patient medical records were exposed.”

But given that the data that was encrypted “is important to some of the academic work we pursue as a university serving the public good,” UCSF officials say they decided to pay a portion of the ransom to gain access to the information.

THE LARGER TREND
Opportunistic cyberattacks have seen a steady increase since the onset of the COVID-19 pandemic, with bad actors attacking hospitals, research organizations and health agencies using a variety of coronavirus-themed phishing emails and brute force attacks.

As for the decision to pay the ransom, there is some debate, but most experts, along with the U.S. Department of Health and Human Services, the FBI, and other enforcement officials, say it’s not a good idea.

But the appeal of rescuing ransomed data is understandable. Just this past week, Rangely District Hospital in Rio Blanco County, Colorado, revealed that it had been targeted with a ransomware attack that locked access to five years of patient records.

The hospital did not pay the ransom. But officials acknowledged that “some electronic records are unavailable or have not been recovered.”

ON THE RECORD
“This incident reflects the growing use of malware by cyber-criminals around the world seeking monetary gain, including several recent attacks on institutions of higher education,” said UCSF officials in a statement. “We continue to cooperate with law enforcement, and we appreciate everyone’s understanding that we are limited in what we can share while we continue with our investigation.”

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com

Healthcare IT News is a publication of HIMSS Media

News from healthcareitnews.com