Charles Leaver – Poor Security Most Likely Factor In UCLA Health Data Breach

Written By Craig Hand And Presented By Ziften CEO Charles Leaver

UCLA Health Data Breach Likely Due To Inferior Security

UCLA Health announced on July 17th 2015 that it was the victim of a health data breach affecting as many as 4.5 million patients from the 4 healthcare facilities it runs in the Southern California region. According to UCLA Health officials, Personally Identifiable Information (PII) and Protected Health Information (PHI) was accessed, but no evidence yet suggests that the data was taken. This data went as far back as 1990. The officials also stated that there was no proof at this time that any credit card or financial data was accessed.

“At this time” is key here. The information accessed (or potentially stolen; it is definitely hard to know at this moment) remains useful for the lifetime of the affected individual and possibly beyond their death. The details available to the perpetrators included: names, addresses, phone numbers, Social Security Numbers, medical conditions, medications prescribed, medical procedures performed, and test results.

Little is known about this data breach, as with so many others that we hear about but never get any real details on. UCLA Health found unusual activity in segments of its network in October 2014 (although access potentially began one month earlier) and immediately notified the FBI. By May 2015, a full 7 months later, investigators confirmed that a data breach had actually taken place. Again, officials claim that the attackers were probably extremely sophisticated and located outside the country. Finally, the public got to hear about the breach a full two months after that, on July 17, 2015.

It’s been said many times before that we as security experts need to be right 100% of the time, while the cyber criminals only need to find that 1% that we may not be able to correct. Based on our research about the breach, the bottom line is that UCLA Health had poor security practices. One reason is the basic fact that the data accessed was not encrypted. We have had HIPAA for some time now, and UCLA is a well-regarded bastion of higher education, yet it still failed to secure data in the most basic ways. The claim that these were highly sophisticated individuals is likewise suspect, as so far no real proof has been disclosed. After all, when is the last time a company that has been breached claimed it wasn’t the result of an “advanced” cyber attack? Even if they claim to have such proof, as members of the public we will not see it in order to vet it properly.

Because there aren’t enough disclosed details about the breach, it’s difficult to determine whether any solution would have helped detect the breach sooner rather than later. However, if the breach began with malware being delivered to and executed by a UCLA Health network user, the likelihood that Ziften could have helped in discovering the malware and potentially stopping it would have been fairly high. Ziften could likewise have alerted on suspicious, unknown, or known malware, along with any communications the malware might have made in order to spread internally or to exfiltrate data to an external host.

When are we going to learn? As we all understand, it’s not a matter of if, but when, companies will be attacked. Smart organizations are preparing for the inevitable with detection and response solutions that mitigate the damage.