Learning from the UCLA Health cyberattack

UC Davis information security specialists are fielding calls from people on campus who want to know what we can learn from the data breach UCLA disclosed last Friday.

The cause of the attack is still being investigated, but whatever the full answer turns out to be, the breach underscores the need to practice the basic good habits of information security.

UCLA Health has posted information about the attack on its website. There is no evidence that the breach has affected the UC Davis Health System, Chancellor Linda Katehi wrote in an email to UC Davis faculty and staff last Friday.

"The campus security team is currently conducting its own investigation based on information we were provided about the UCLA incident," said UC Davis Chief Information Security Officer Cheryl Washington. "If we identify any confirmed or suspicious threats, we will reach out to the technical community and others for assistance in our investigation."

Washington also asks campus technologists to be sure they scan their VLANs (virtual local area networks), "and if they find something suspicious, notify us" at cybersecurity@ucdavis.edu.

"If you have not read the Chancellor's message, I encourage you all to do so," Washington continued. "She offers very valuable tips that can help you protect your information assets."

The advice

  • Ensure that your computer and mobile devices are up to date with the latest patches, including for software like Adobe Flash or Java.
  • Review electronic devices under your control (including computers, tablets, phones and memory sticks), and remove or secure any files that contain sensitive information about individuals.
  • Beware of email and phishing messages asking for personal information. Use strong passwords, and don't share them with anyone.
  • For more information, visit security.ucdavis.edu/cybersafetybasics
  • If you need assistance managing your cybersecurity efforts, contact the IT Express Service Desk (Davis campus) or IT Support (Health System).

Learn, patch, and five common patterns

The 2015 Data Breach Investigations Report from Verizon says more about the current nature and source of cyberthreats. For example:

  • Phishing still tricks too many people. "23 percent of recipients open phishing messages," the report says, "and 11 percent click on the attachments." UC Davis faculty and staff who need to brush up on their anti-phishing skills should watch these free, short videos (see module 3).
  • "For the overwhelming majority of attacks exploiting known vulnerabilities, the patch [to fix the problem] had been available for months prior to the breach (and 71 percent for more than 1 year). This strongly suggests that a patch deployment strategy focusing on coverage and consistency is far more effective at preventing data breaches than 'fire drills' attempting to patch particular systems as soon as patches are released."
  • Most attacks fell into one of five basic patterns: miscellaneous errors (29.4 percent), crimeware (25.1), insider misuse (20.6), physical theft/loss (15.3), and web app attacks (4.1).