USD
Company Details
Linkedin ID:
ucsandiego
Website:
Employees number:
21,889
Number of followers:
453,746
NAICS:
6113
Industry Type:
Homepage:
ucsd.edu
IP Addresses:
495
Company ID:
UC _1452773
Scan Status:
Completed
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
UC San Diego Vendor Cyber Rating & Cyber Score
ucsd.eduRecognized as one of the top 15 research universities worldwide, our culture of collaboration sparks discoveries that advance society and drive economic impact. Everything we do is dedicated to ensuring our students have the opportunity to become changemakers, equipped with the multidisciplinary tools needed to accelerate answers to our world’s most pressing issues.
UC San Diego A.I CyberSecurity Scoring
USD Risk Score (AI oriented)Between 800 and 849
USD
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
USD Global Score (TPRM)XXXX
USD
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
USD Company CyberSecurity News & History
Past Incidents
19
Attack Types
3
KiteworksThe Regents of the University of California, Accellion and Inc.: UC Regents pay $5.8 million in class action lawsuit. Did you get paid?
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: UC Regents Settles $5.8 Million Class Action Over 2020-2021 Data Breach The University of California (UC) Regents has finalized a $5.8 million settlement in *Erazo v. The Regents of the University of California*, resolving a class action lawsuit stemming from a 2020-2021 data breach. The incident, which exposed sensitive information of over 350,000 UC students and employees, occurred between mid-December 2020 and January 2021 due to a compromised file transfer application licensed by Accellion, Inc. The breach allegedly exposed data from the 2020 UC Undergraduate Experience Survey and medical records. While the UC Regents denied wrongdoing as part of the settlement, they agreed to distribute payments to affected individuals, cover litigation costs, and implement enhanced cybersecurity measures for at least two years. These measures include retiring the vulnerable Accellion FTA system, migrating to a secure file transfer product, increasing system monitoring, and providing security training for relevant employees. Payments to the 353,265-member settlement class have begun, with eligible claimants notified via email. The settlement fund will also cover administrative expenses and attorneys' fees. The case was settled on May 29, 2025.
University of California San Francisco (UCSF)
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The University of California San Francisco suffered a significant ransomware attack at the hands of the NetWalker group, which resulted in the loss of access to critical data. In order to recover the encrypted files, UCSF was compelled to pay a substantial ransom of $1.14 million. This incident stressed the vulnerability of major institutions to sophisticated cyber threats, particularly during sensitive times such as the COVID-19 pandemic when reliance on digital infrastructure is at its peak. The attack not only financially impacted the university but also highlighted the potential risks to privacy and the continuation of essential services.
UC San Diego Health Hillcrest - Hillcrest Medical Center
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported that UC San Diego Health experienced a data breach due to a phishing attack, which occurred between January 9 and January 22, 2024. The breach involved unauthorized access to employee email accounts, potentially exposing personal information such as names and Social Security numbers, affecting an unspecified number of individuals. The breach was reported on March 8, 2024.
UC San Diego Health
Ransomware
Rankiteo Explanation
Attack that could injure or kill people
Description: UC San Diego Health experienced a ransomware attack threatening critical healthcare operations. As the medical industry increases reliance on technology, such attacks can have dire consequences on patient care and outcomes. The attack's costliness, with an average of $11 million according to IBM, poses risks to smaller healthcare systems' existence, potentially leading to their permanent closure. Patients in remote areas would be most affected due to the scarcity of nearby medical facilities. In response, federal funding has been allocated to develop better preventative and mitigative measures, focusing on cybersecurity in healthcare.
UCLA
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The five new MOVEit assaults victims revealed on the dark web leak site for the Clop ransomware organization include the industrial behemoths Siemens Energy, Schneider Electric, werum.com, UCLA (http://ucla.edu), Abbie (http://abbvie.com), and Abbie. Worldwide, vital national infrastructures use Industrial Control Systems (ICS) from Siemens Energy and Schneider Electric. Threat actors claim they were able to compromise 100 different firms utilizing the most recently revealed MOVEit Transfer vulnerability CVE-2023-34362. The US government offers rewards for information that leads to the arrest, indictment, or location of dangerous actors.
UCSF Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The University of California, San Francisco (UCSF) experienced a data breach on February 9, 2023, disclosed on April 26, 2023, due to a phishing attack targeting UCSF email accounts. The breach exposed sensitive personal information of individuals, including First Name, Last Name, Date of Birth, Medical Record Number (MRN), and Date of Service. The exact number of affected individuals remains undetermined, but the compromised data poses risks of identity theft, medical fraud, or targeted scams. The attack exploited human vulnerability through phishing, leading to unauthorized access to employee email accounts, which likely contained or facilitated access to patient records. While no ransomware was involved, the exposure of protected health information (PHI) particularly MRNs and service dates heightens concerns over compliance violations (e.g., HIPAA) and potential misuse of medical data. The breach underscores the persistent threat of social engineering attacks in healthcare institutions, where employee credentials serve as gateways to highly sensitive systems.
UC San Diego Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: UC San Diego Health suffered a data breach via its third-party vendor, Solv Health, between September 13 and December 22, 2022. The incident exposed sensitive personal information of individuals who used Solv Health’s scheduling websites. Compromised data may include names, dates of birth, email addresses, and insurance details, though the exact number of affected individuals remains undisclosed. The breach stems from a vulnerability or security lapse within Solv Health’s systems, indirectly impacting UC San Diego Health’s patients. While no financial or medical records appear to have been stolen, the exposure of personally identifiable information (PII) raises concerns over potential identity theft, phishing, or fraudulent activities targeting the victims. The breach underscores risks associated with third-party vendor dependencies in healthcare data management, where even non-direct attacks can erode trust and necessitate regulatory disclosures under laws like HIPAA or CCPA. UC San Diego Health likely faced reputational damage and operational disruptions in addressing the fallout, including notifications, credit monitoring offers, and system audits to prevent future incidents.
UCLA Health
Data Leak
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: UCLA health experienced a data breach incident that 94,000 patients personal information and health data to third parties. UCLA Health promptly disabled the use of the tools and launched an investigation. The compromised information includes patients’ URL/website addresses, provider names, specialty, ad campaign names, page views, IP addresses, third-party cookies, and hashed values of certain fields on the appointment request form, such as patient names, email addresses, mailing addresses, phone numbers, and genders. UCLA Health website and the UCLA Health mobile app were affected. The UCLA Health patient portal was not impacted.
UC San Diego Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: UC San Diego Health suffered from a data breach that exposed number of patients, employees and others connected to UC San Diego Health potentially. It was found that the breach occurred via unauthorized access to some employee email accounts, but it did not affect the continuity of care for their patients. A UCSD Health spokesperson said Tuesday that ransomware, software often used to extort money from an organization, was not involved. The compromised information includes full names, addresses, dates of birth, email addresses, fax numbers, claims information including dates and costs of care received, laboratory results, medical diagnoses and conditions, medical record numbers, prescription information, treatment information, Social Security numbers, government identification numbers, financial account numbers, student identification numbers, usernames and passwords. They notified people, and the letters each person receives precisely reflect the information that would have been impacted for that particular person.
University of California
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported a data breach at the University of California on May 13, 2021. The breach occurred on December 24, 2020, when an unauthorized third party accessed files containing personal information of UC community members, including Social Security numbers and financial information. Approximately 100 organizations were similarly attacked, but the number of affected individuals specific to UC is unknown.
UC San Diego Health
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported that UC San Diego Health experienced a data breach involving unauthorized access to employee email accounts. The incident occurred between December 2, 2020, and April 8, 2021, affecting personal information including Social Security numbers and medical details. The breach was reported on September 9, 2021.
University of California San Francisco
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach involving the University of California San Francisco (UCSF) on November 13, 2020. The breach occurred on June 1, 2020, due to a cybersecurity attack that resulted in unauthorized access to personal information, including names and social security numbers, affecting an unspecified number of individuals. UCSF paid the attacker to recover encrypted data and has offered credit monitoring services to impacted individuals.
UC San Diego Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The California Office of the Attorney General reported a data breach at UC San Diego Health that occurred between November 20, 2017, and December 9, 2017, with notification issued on June 14, 2019. An unauthorized third party accessed a medical transcription platform, potentially compromising patient data such as names, dates of birth, and clinical information, but did not access Social Security numbers or financial account information. The number of individuals affected is currently unknown.
UC San Diego School of Medicine
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported that UC San Diego School of Medicine experienced a data breach on August 3, 2016. The breach involved personal information including names and social security numbers of trainees. The incident was reported on September 22, 2016.
UCLA Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: UCLA Health experienced a data breach incident in September 2015 after one of its laptop got stolen. The stolen laptop contained the personal information of approximately 1,242 patient of the organization including names and medical record numbers. UCLA Health notified all affected patient and retraining those involved with the incident.
UCI Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: An employee of UC Irvine Medical Center unethically viewed thousands of patient records over a four-year period. The incident compromised the personal health information including names, dates of birth, gender, medical record numbers, height, weight, medical center account numbers, allergy information, home address, medical documentation, diagnoses, test orders and results, of 4,859 patients . The center investigated the incident with the help of external security experts and notifies the affected patients.
University of California, Irvine
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The University of California, Irvine experienced a data breach reported on May 14, 2014, involving unauthorized access to its systems. The breach occurred due to computers being infected with a keystroke logger between February 14 and March 27, 2014, which potentially compromised personal and unencrypted medical data of individuals. The exact number of affected individuals remains unknown, raising concerns about the exposure of sensitive health information. The attack method suggests a targeted intrusion aimed at harvesting confidential data, likely through malicious software designed to capture keystrokes including login credentials, medical records, or other personally identifiable information (PII). The breach underscores vulnerabilities in the university’s cybersecurity defenses, particularly in protecting high-risk data like medical records, which are subject to strict regulatory protections (e.g., HIPAA). The incident highlights the risks of unauthorized data access in academic institutions handling sensitive information, with potential long-term repercussions for trust, legal compliance, and individual privacy.
University of California San Francisco
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The California Office of the Attorney General reported a data breach involving the University of California San Francisco (UCSF) on November 21, 2013. The breach occurred on September 25, 2013, when an unencrypted personal laptop containing identifiable health information was stolen from a physician's locked vehicle. The stolen laptop contained sensitive health information, which could potentially compromise the privacy and security of the affected individuals.
UC Irvine Medical Center
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: In June 2015, the California Office of the Attorney General disclosed a data breach at the University of California Irvine Medical Center, where an employee improperly accessed patient records over an extended period from June 2011 to March 2015. The unauthorized access exposed personal health information (PHI) of an unknown number of patients, though investigations found no evidence of sensitive data being stolen or misused. The breach stemmed from internal misconduct, highlighting vulnerabilities in employee access controls and monitoring protocols. While the exposed data included patient details, the lack of confirmed theft or external exploitation mitigated some risks. However, the prolonged duration of the breach (nearly four years) raised concerns about compliance with healthcare privacy regulations (e.g., HIPAA) and the potential for reputational damage due to the mishandling of confidential medical records. The incident underscored the need for stricter audit trails, access restrictions, and employee training to prevent similar internal breaches in healthcare institutions.
USD Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for USD
Incidents vs Higher Education Industry Average (This Year)
No incidents recorded for UC San Diego in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for UC San Diego in 2026.
Incident Types USD vs Higher Education Industry Avg (This Year)
No incidents recorded for UC San Diego in 2026.
Incident History — USD (X = Date, Y = Severity)
USD cyber incidents detection timeline including parent company and subsidiaries
USD Company Subsidiaries
Recognized as one of the top 15 research universities worldwide, our culture of collaboration sparks discoveries that advance society and drive economic impact. Everything we do is dedicated to ensuring our students have the opportunity to become changemakers, equipped with the multidisciplinary tools needed to accelerate answers to our world’s most pressing issues.
Loading...
USD Similar Companies
ETH Zürich
ETH Zurich – Where the future begins Freedom and individual responsibility, entrepreneurial spirit and open-mindedness: ETH Zurich stands on a bedrock of true Swiss values. Our university for science and technology dates back to the year 1855, when the founders of modern-day Switzerland created it
University of Illinois Urbana-Champaign
The University of Illinois Urbana-Champaign is dedicated to building upon its tradition of excellence in education, research, public engagement and economic development. More than 3,000 faculty members discover and create new knowledge. Their work is an economic engine for the state and is recognize
Galileo Global Education
Galileo Global Education, world leader in independent higher education with 210,000 students, 61 schools and 106 campuses in 18 countries, placed employability and innovation at the heart of its strategy for 15 years. Galileo Global Education's mission is to enable everyone, regardless of their star
University of Kentucky
The University of Kentucky is a public, research-extensive, land grant university dedicated to improving people's lives through excellence in teaching, research, health care, cultural enrichment, and economic development for over 150 years. The University of Kentucky: - Facilitates learning, inf
University of Sydney
As the first university to be established in Australasia, the University of Sydney consistently ranks as one of Australia’s top universities. We aim to create and sustain a university that will, for the benefit of both Australia and the wider world, maximise the potential of the brightest researcher
Washington State University
Washington State University is a nationally recognized land-grant research university, founded in Pullman in 1890. WSU’s statewide system includes campuses in Pullman, Spokane, Everett, Tri-Cities and Vancouver, with extension and research offices in every county of the state, and a nationally ranke
University of Central Florida
Founded in 1963 to provide talent for Central Florida and the growing U.S. space program, UCF has been making an impact on the state, the nation — and outer space — ever since. With 13 colleges and more than 230 degree programs, your passion lies at one of our campus locations designed to help you
Amity University
Amity University is India's top ranked non-profit private University where more emphasis is given on not only making you academically brilliant, but true leaders and team players, thus preparing you for the real life corporate world. Amity is the leading education group of India with Most Hi-tech Ca
Virginia Tech
Dedicated to its motto, Ut Prosim (That I May Serve), Virginia Tech takes a hands-on, engaging approach to education, preparing scholars to be leaders in their fields and communities. As the commonwealth’s most comprehensive university and its leading research institution, Virginia Tech offers 215 u
.png)
USD CyberSecurity News
February 26, 2026 08:00 AM
A clinical approach: How UCSD is boosting healthcare cybersecurity
A clinical approach: How UCSD is boosting healthcare cybersecurity · The UCSD Center for Healthcare Cybersecurity is tackling cybersecurity...
February 19, 2026 08:00 AM
Professor to discuss ‘Understanding the Economics of Cybercrime’ at local event
Every day, millions of people use the internet for work, banking, communication, and entertainment. But with this convenience comes a hidden...
January 20, 2026 08:00 AM
The Sky is Full of Secrets: Glaring Vulnerabilities Discovered in Satellite Communications
With $800 of off-the-shelf equipment and months worth of patience, a team of U.S. computer scientists set out to find out how well...
December 17, 2025 08:00 AM
Cybersecurity experts warn against internet-connected toys this holiday season
SAN DIEGO (KGTV) — As families prepare for Christmas shopping, cybersecurity experts are raising concerns about internet-connected toys that...
December 03, 2025 08:00 AM
Cyber Impact Growing as Workforce Spreads Across Industries
SAN DIEGO COUNTY – Cybersecurity is San Diego is still growing its impact on the region's economy – to the tune of $4.3 billion.
November 22, 2025 08:00 AM
Protecting Patients’ Online Lives
This story originally appeared in the winter 2025 issue of UC San Diego Magazine as “Do No Harm.” From pacemakers to patient portals,...
November 04, 2025 08:00 AM
Jones Day adds cybersecurity and privacy litigation partner Amanda Fitzsimmons in San Diego
Amanda Fitzsimmons has joined Jones Day as a partner in its Cybersecurity, Privacy & Data Protection Practice. She is based in the Firm's...
October 31, 2025 07:00 AM
Study concludes cybersecurity training doesn’t work
A lot of companies use cybersecurity training to prevent phishing attacks. A UC San Diego study says they should find a better way to...
October 31, 2025 07:00 AM
UCSD Center for Healthcare Cybersecurity fights attacks on multiple fronts
The center's health-care cybersecurity work comes as attacks are increasing, Tully and Dameff said. A paper they published in September 2024...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
USD CyberSecurity History Information
Official Website of UC San Diego
The official website of UC San Diego is http://ucsd.edu.
UC San Diego’s AI-Generated Cybersecurity Score
According to Rankiteo, UC San Diego’s AI-generated cybersecurity score is 807, reflecting their Good security posture.
How many security badges does UC San Diego’ have ?
According to Rankiteo, UC San Diego currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has UC San Diego been affected by any supply chain cyber incidents ?
According to Rankiteo, UC San Diego has been affected by a supply chain cyber incident involving Kiteworks, with the incident ID UCOKIT1774240010.
Does UC San Diego have SOC 2 Type 1 certification ?
According to Rankiteo, UC San Diego is not certified under SOC 2 Type 1.
Does UC San Diego have SOC 2 Type 2 certification ?
According to Rankiteo, UC San Diego does not hold a SOC 2 Type 2 certification.
Does UC San Diego comply with GDPR ?
According to Rankiteo, UC San Diego is not listed as GDPR compliant.
Does UC San Diego have PCI DSS certification ?
According to Rankiteo, UC San Diego does not currently maintain PCI DSS compliance.
Does UC San Diego comply with HIPAA ?
According to Rankiteo, UC San Diego is not compliant with HIPAA regulations.
Does UC San Diego have ISO 27001 certification ?
According to Rankiteo,UC San Diego is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of UC San Diego
UC San Diego operates primarily in the Higher Education industry.
Number of Employees at UC San Diego
UC San Diego employs approximately 21,889 people worldwide.
Subsidiaries Owned by UC San Diego
UC San Diego presently has no subsidiaries across any sectors.
UC San Diego’s LinkedIn Followers
UC San Diego’s official LinkedIn profile has approximately 453,746 followers.
NAICS Classification of UC San Diego
UC San Diego is classified under the NAICS code 6113, which corresponds to Colleges, Universities, and Professional Schools.
UC San Diego’s Presence on Crunchbase
No, UC San Diego does not have a profile on Crunchbase.
UC San Diego’s Presence on LinkedIn
Yes, UC San Diego maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ucsandiego.
Cybersecurity Incidents Involving UC San Diego
As of April 02, 2026, Rankiteo reports that UC San Diego has experienced 19 cybersecurity incidents.
Number of Peer and Competitor Companies
UC San Diego has an estimated 15,823 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at UC San Diego ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach, Data Leak and Ransomware.
What was the total financial impact of these incidents on UC San Diego ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $17.94 million.
How does UC San Diego detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with retraining involved personnel, remediation measures with notifying affected patients, and third party assistance with external security experts, and communication strategy with notifies the affected patients, and communication strategy with individuals were notified, and the letters each person receives precisely reflect the information that would have been impacted for that particular person., and containment measures with disabled the use of the tools, and communication strategy with public disclosure via california office of the attorney general, and communication strategy with public disclosure via california office of the attorney general, and containment measures with retired the vulnerable accellion fta system, and remediation measures with migrated to a secure file transfer product, increased system monitoring, provided security training for relevant employees, and communication strategy with notified eligible claimants via email, and enhanced monitoring with increased system monitoring..
Incident Details
Can you provide details on each incident ?
Title: UCLA Health Data Breach
Description: UCLA Health experienced a data breach incident in September 2015 after one of its laptops got stolen. The stolen laptop contained the personal information of approximately 1,242 patients of the organization including names and medical record numbers. UCLA Health notified all affected patients and retrained those involved with the incident.
Date Detected: 2015-09
Type: Data Breach
Attack Vector: Theft of Laptop
Title: Unauthorized Access to Patient Records at UC Irvine Medical Center
Description: An employee of UC Irvine Medical Center unethically viewed thousands of patient records over a four-year period. The incident compromised the personal health information including names, dates of birth, gender, medical record numbers, height, weight, medical center account numbers, allergy information, home address, medical documentation, diagnoses, test orders and results, of 4,859 patients.
Type: Data Breach
Attack Vector: Unauthorized Access
Vulnerability Exploited: Insider Threat
Threat Actor: Employee
Motivation: Unethical Behavior
Title: UC San Diego Health Data Breach
Description: UC San Diego Health suffered from a data breach that exposed the information of patients, employees, and others connected to UC San Diego Health potentially.
Type: Data Breach
Attack Vector: Unauthorized access to employee email accounts
Title: UCLA Health Data Breach
Description: UCLA Health experienced a data breach incident affecting 94,000 patients' personal information and health data to third parties.
Type: Data Breach
Title: MOVEit Transfer Vulnerability Exploitation by Clop Ransomware Group
Description: The Clop ransomware group exploited the MOVEit Transfer vulnerability CVE-2023-34362 to compromise multiple organizations, including Siemens Energy, Schneider Electric, Werum, UCLA, and AbbVie.
Type: Data Breach and Ransomware Attack
Attack Vector: Vulnerability Exploitation
Vulnerability Exploited: CVE-2023-34362
Threat Actor: Clop Ransomware Group
Motivation: Financial Gain
Title: UC San Diego Health Ransomware Attack
Description: UC San Diego Health experienced a ransomware attack threatening critical healthcare operations. As the medical industry increases reliance on technology, such attacks can have dire consequences on patient care and outcomes. The attack's costliness, with an average of $11 million according to IBM, poses risks to smaller healthcare systems' existence, potentially leading to their permanent closure. Patients in remote areas would be most affected due to the scarcity of nearby medical facilities. In response, federal funding has been allocated to develop better preventative and mitigative measures, focusing on cybersecurity in healthcare.
Type: Ransomware
Motivation: Financial Gain
Title: UCSF Ransomware Attack
Description: The University of California San Francisco suffered a significant ransomware attack at the hands of the NetWalker group, which resulted in the loss of access to critical data. In order to recover the encrypted files, UCSF was compelled to pay a substantial ransom of $1.14 million. This incident stressed the vulnerability of major institutions to sophisticated cyber threats, particularly during sensitive times such as the COVID-19 pandemic when reliance on digital infrastructure is at its peak. The attack not only financially impacted the university but also highlighted the potential risks to privacy and the continuation of essential services.
Type: Ransomware
Threat Actor: NetWalker group
Motivation: Financial Gain
Title: UC San Diego Health Data Breach
Description: The California Office of the Attorney General reported that UC San Diego Health experienced a data breach due to a phishing attack, which occurred between January 9 and January 22, 2024. The breach involved unauthorized access to employee email accounts, potentially exposing personal information such as names and Social Security numbers, affecting an unspecified number of individuals. The breach was reported on March 8, 2024.
Date Detected: 2024-03-08
Date Publicly Disclosed: 2024-03-08
Type: Data Breach
Attack Vector: Phishing
Vulnerability Exploited: Human
Title: Data Breach at University of California San Francisco
Description: The California Office of the Attorney General reported a data breach involving the University of California San Francisco (UCSF) on November 13, 2020. The breach occurred on June 1, 2020, due to a cybersecurity attack that resulted in unauthorized access to personal information, including names and social security numbers, affecting an unspecified number of individuals. UCSF paid the attacker to recover encrypted data and has offered credit monitoring services to impacted individuals.
Date Detected: 2020-06-01
Date Publicly Disclosed: 2020-11-13
Type: Data Breach
Title: Data Breach at UC San Diego Health
Description: An unauthorized third party accessed a medical transcription platform, potentially compromising patient data such as names, dates of birth, and clinical information, but did not access Social Security numbers or financial account information.
Date Publicly Disclosed: 2019-06-14
Type: Data Breach
Attack Vector: Unauthorized Access
Threat Actor: Unauthorized Third Party
Title: Data Breach at University of California San Francisco (UCSF)
Description: A data breach occurred when an unencrypted personal laptop containing identifiable health information was stolen from a physician's locked vehicle.
Date Detected: 2013-09-25
Date Publicly Disclosed: 2013-11-21
Type: Data Breach
Attack Vector: Physical Theft
Vulnerability Exploited: Unencrypted Data
Threat Actor: Unknown
Motivation: Unknown
Title: UC San Diego School of Medicine Data Breach
Description: The California Office of the Attorney General reported that UC San Diego School of Medicine experienced a data breach involving personal information including names and social security numbers of trainees.
Date Detected: 2016-08-03
Date Publicly Disclosed: 2016-09-22
Type: Data Breach
Title: Data Breach at University of California
Description: The California Office of the Attorney General reported a data breach at the University of California on May 13, 2021. The breach occurred on December 24, 2020, when an unauthorized third party accessed files containing personal information of UC community members, including Social Security numbers and financial information. Approximately 100 organizations were similarly attacked, but the number of affected individuals specific to UC is unknown.
Date Detected: 2021-05-13
Date Publicly Disclosed: 2021-05-13
Type: Data Breach
Attack Vector: Unauthorized Access
Threat Actor: Unauthorized Third Party
Title: UC San Diego Health Data Breach
Description: Unauthorized access to employee email accounts compromising personal information including Social Security numbers and medical details.
Date Detected: April 8, 2021
Date Publicly Disclosed: September 9, 2021
Type: Data Breach
Attack Vector: Email Compromise
Title: Data Breach at University of California, San Francisco (UCSF) via Phishing Attack
Description: The California Office of the Attorney General reported a data breach involving the University of California, San Francisco (UCSF) on April 26, 2023. The breach occurred on February 9, 2023, due to a phishing attack that compromised some UCSF email accounts, potentially exposing individuals' First Name, Last Name, Date of Birth, MRN (Medical Record Number), and Date of Service. The number of individuals affected is currently unknown.
Date Detected: 2023-02-09
Date Publicly Disclosed: 2023-04-26
Type: Data Breach
Attack Vector: Phishing
Title: UC San Diego Health Data Breach via Vendor Solv Health
Description: The California Office of the Attorney General reported that UC San Diego Health experienced a data breach involving its vendor, Solv Health, between September 13 and December 22, 2022. The breach may have compromised personal information such as names, dates of birth, email addresses, and insurance types for individuals who used scheduling websites, affecting an unknown number of individuals.
Type: Data Breach
Title: University of California Irvine Medical Center Data Breach (2011-2015)
Description: An employee improperly accessed patient records between June 2011 and March 2015 at the University of California Irvine Medical Center. The breach potentially affected an unknown number of patients, exposing various personal health information, but no evidence was found of sensitive information being removed.
Date Detected: 2015-03-01
Date Publicly Disclosed: 2015-06-17
Type: Data Breach (Insider Threat)
Attack Vector: Insider Access Abuse
Threat Actor: Internal Employee
Motivation: Unknown (Potentially Unauthorized Curiosity or Malicious Intent)
Title: University of California, Irvine Data Breach (2014)
Description: The California Office of the Attorney General reported a data breach by the University of California, Irvine on May 14, 2014. The breach involved unauthorized access to computers infected with a keystroke logger between February 14 and March 27, 2014, potentially affecting personal information for individuals, including unencrypted medical data. The number of individuals affected is unknown.
Date Detected: 2014-03-27
Date Publicly Disclosed: 2014-05-14
Type: Data Breach
Attack Vector: Keystroke Logger (Malware)
Title: UC Regents Settles $5.8 Million Class Action Over 2020-2021 Data Breach
Description: The University of California (UC) Regents has finalized a $5.8 million settlement in *Erazo v. The Regents of the University of California*, resolving a class action lawsuit stemming from a 2020-2021 data breach. The incident exposed sensitive information of over 350,000 UC students and employees due to a compromised file transfer application licensed by Accellion, Inc.
Date Detected: 2021-01
Date Resolved: 2025-05-29
Type: Data Breach
Attack Vector: Compromised file transfer application (Accellion FTA)
Vulnerability Exploited: Vulnerability in Accellion FTA system
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Employee email accounts, Phishing email, Email Compromise and Phishing (compromised email accounts).
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach UCL14320422
Data Compromised: Names, Medical record numbers
Incident : Data Breach UCI2241522
Data Compromised: Names, Dates of birth, Gender, Medical record numbers, Height, Weight, Medical center account numbers, Allergy information, Home address, Medical documentation, Diagnoses, Test orders and results
Incident : Data Breach UCS22335223
Data Compromised: Full names, Addresses, Dates of birth, Email addresses, Fax numbers, Claims information including dates and costs of care received, Laboratory results, Medical diagnoses and conditions, Medical record numbers, Prescription information, Treatment information, Social security numbers, Government identification numbers, Financial account numbers, Student identification numbers, Usernames and passwords
Incident : Data Breach UCL11139223
Data Compromised: Url/website addresses, Provider names, Specialty, Ad campaign names, Page views, Ip addresses, Third-party cookies, Hashed values of certain fields on the appointment request form, such as patient names, email addresses, mailing addresses, phone numbers, and genders
Systems Affected: UCLA Health websiteUCLA Health mobile app
Incident : Ransomware UCS1014070724
Financial Loss: Average of $11 million
Systems Affected: Critical healthcare operations
Operational Impact: Threat to patient care and outcomes
Incident : Ransomware UCS000122224
Financial Loss: $1.14 million
Systems Affected: Critical data systems
Operational Impact: Loss of access to critical data
Incident : Data Breach UCS108072625
Data Compromised: Names, Social security numbers
Systems Affected: Employee email accounts
Incident : Data Breach UCS658072625
Data Compromised: Names, Social security numbers
Incident : Data Breach UCS827072625
Data Compromised: Names, Dates of birth, Clinical information
Systems Affected: Medical Transcription Platform
Incident : Data Breach UCS212072625
Data Compromised: Identifiable Health Information
Systems Affected: Personal Laptop
Incident : Data Breach UCS457072625
Data Compromised: Names, Social security numbers
Incident : Data Breach UCO831072725
Data Compromised: Social security numbers, Financial information
Incident : Data Breach UCS913080425
Data Compromised: Social security numbers, Medical details
Incident : Data Breach UCS157082025
Data Compromised: First name, Last name, Date of birth, Mrn, Date of service
Systems Affected: Email Accounts
Identity Theft Risk: Potential (PII exposed)
Incident : Data Breach UCS1016090725
Data Compromised: Names, Dates of birth, Email addresses, Insurance types
Systems Affected: scheduling websites
Identity Theft Risk: Potential
Incident : Data Breach (Insider Threat) UC-952091725
Data Compromised: Personal health information (phi)
Brand Reputation Impact: Potential Reputational Harm (Healthcare Trust Erosion)
Identity Theft Risk: Low (No Evidence of Data Exfiltration)
Incident : Data Breach UC-013091825
Data Compromised: Personal information, Unencrypted medical data
Systems Affected: Computers
Identity Theft Risk: Potential
Incident : Data Breach UCOKIT1774240010
Financial Loss: $5.8 million settlement
Data Compromised: Sensitive information of over 350,000 individuals
Systems Affected: File transfer application (Accellion FTA)
Operational Impact: Enhanced cybersecurity measures implemented for at least two years
Legal Liabilities: Class action lawsuit settlement
Identity Theft Risk: Exposure of sensitive information (e.g., medical records, survey data)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $944.21 thousand.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, , Names, Dates Of Birth, Gender, Medical Record Numbers, Height, Weight, Medical Center Account Numbers, Allergy Information, Home Address, Medical Documentation, Diagnoses, Test Orders And Results, , Full Names, Addresses, Dates Of Birth, Email Addresses, Fax Numbers, Claims Information Including Dates And Costs Of Care Received, Laboratory Results, Medical Diagnoses And Conditions, Medical Record Numbers, Prescription Information, Treatment Information, Social Security Numbers, Government Identification Numbers, Financial Account Numbers, Student Identification Numbers, Usernames And Passwords, , Personal Information, Health Data, , Names, Social Security Numbers, , Names, Social Security Numbers, , Names, Dates Of Birth, Clinical Information, , Identifiable Health Information, Names, Social Security Numbers, , Social Security Numbers, Financial Information, , Social Security Numbers, Medical Details, , Personally Identifiable Information (Pii), Protected Health Information (Phi), , Personal Information, , Personal Health Information (PHI), Personal Information, Medical Data, , Medical Records, 2020 Uc Undergraduate Experience Survey Data and .
Which entities were affected by each incident ?
Incident : Data Breach UCL14320422
Entity Name: UCLA Health
Entity Type: Healthcare Provider
Industry: Healthcare
Customers Affected: 1,242
Incident : Data Breach UCI2241522
Entity Name: UC Irvine Medical Center
Entity Type: Hospital
Industry: Healthcare
Location: Irvine, CA
Customers Affected: 4,859 patients
Incident : Data Breach UCS22335223
Entity Name: UC San Diego Health
Entity Type: Healthcare
Industry: Healthcare
Location: San Diego, CA
Incident : Data Breach UCL11139223
Entity Name: UCLA Health
Entity Type: Healthcare Provider
Industry: Healthcare
Location: Los Angeles, California
Customers Affected: 94,000
Incident : Data Breach and Ransomware Attack UCL0443723
Entity Name: Siemens Energy
Entity Type: Industrial Control Systems Provider
Industry: Energy
Incident : Data Breach and Ransomware Attack UCL0443723
Entity Name: Schneider Electric
Entity Type: Industrial Control Systems Provider
Industry: Energy Management and Automation
Incident : Data Breach and Ransomware Attack UCL0443723
Entity Name: Werum
Entity Type: Software Company
Industry: Pharmaceuticals and Biotech
Incident : Data Breach and Ransomware Attack UCL0443723
Entity Name: UCLA
Entity Type: University
Industry: Education
Location: Los Angeles, CA
Incident : Data Breach and Ransomware Attack UCL0443723
Entity Name: AbbVie
Entity Type: Pharmaceutical Company
Industry: Pharmaceuticals
Incident : Ransomware UCS1014070724
Entity Name: UC San Diego Health
Entity Type: Healthcare Provider
Industry: Healthcare
Location: San Diego, California
Incident : Ransomware UCS000122224
Entity Name: University of California San Francisco
Entity Type: Educational Institution
Industry: Education
Location: San Francisco, CA
Incident : Data Breach UCS108072625
Entity Name: UC San Diego Health
Entity Type: Healthcare
Industry: Healthcare
Location: San Diego, California
Incident : Data Breach UCS658072625
Entity Name: University of California San Francisco
Entity Type: Educational Institution
Industry: Education
Location: San Francisco, California
Incident : Data Breach UCS827072625
Entity Name: UC San Diego Health
Entity Type: Healthcare
Industry: Healthcare
Location: San Diego, California
Incident : Data Breach UCS212072625
Entity Name: University of California San Francisco (UCSF)
Entity Type: Educational Institution
Industry: Healthcare
Location: San Francisco, California
Incident : Data Breach UCS457072625
Entity Name: UC San Diego School of Medicine
Entity Type: Educational Institution
Industry: Education
Location: San Diego, California
Incident : Data Breach UCO831072725
Entity Name: University of California
Entity Type: Educational Institution
Industry: Education
Location: California
Incident : Data Breach UCS913080425
Entity Name: UC San Diego Health
Entity Type: Healthcare
Industry: Healthcare
Location: San Diego, California
Incident : Data Breach UCS157082025
Entity Name: University of California, San Francisco (UCSF)
Entity Type: Educational Institution / Healthcare Provider
Industry: Education, Healthcare
Location: San Francisco, California, USA
Customers Affected: Unknown
Incident : Data Breach UCS1016090725
Entity Name: UC San Diego Health
Entity Type: Healthcare Provider
Industry: Healthcare
Location: California, USA
Customers Affected: Unknown
Incident : Data Breach UCS1016090725
Entity Name: Solv Health
Entity Type: Vendor
Industry: Healthcare Technology
Customers Affected: Unknown
Incident : Data Breach (Insider Threat) UC-952091725
Entity Name: University of California Irvine Medical Center
Entity Type: Healthcare Provider / Academic Medical Center
Industry: Healthcare
Location: Orange, California, USA
Customers Affected: Unknown (Patients)
Incident : Data Breach UC-013091825
Entity Name: University of California, Irvine
Entity Type: Educational Institution
Industry: Higher Education
Location: Irvine, California, USA
Customers Affected: Unknown
Incident : Data Breach UCOKIT1774240010
Entity Name: University of California (UC) Regents
Entity Type: Educational Institution
Industry: Education/Higher Education
Location: California, USA
Customers Affected: 353,265 students and employees
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach UCL14320422
Remediation Measures: Retraining involved personnelNotifying affected patients
Incident : Data Breach UCI2241522
Third Party Assistance: external security experts
Communication Strategy: notifies the affected patients
Incident : Data Breach UCS22335223
Communication Strategy: Individuals were notified, and the letters each person receives precisely reflect the information that would have been impacted for that particular person.
Incident : Data Breach UCL11139223
Containment Measures: Disabled the use of the tools
Incident : Data Breach UCS157082025
Communication Strategy: Public disclosure via California Office of the Attorney General
Incident : Data Breach (Insider Threat) UC-952091725
Communication Strategy: Public Disclosure via California Office of the Attorney General
Incident : Data Breach UCOKIT1774240010
Containment Measures: Retired the vulnerable Accellion FTA system
Remediation Measures: Migrated to a secure file transfer product, increased system monitoring, provided security training for relevant employees
Communication Strategy: Notified eligible claimants via email
Enhanced Monitoring: Increased system monitoring
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through external security experts.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach UCL14320422
Type of Data Compromised: Personal information
Number of Records Exposed: 1,242
Sensitivity of Data: High
Personally Identifiable Information: NamesMedical Record Numbers
Incident : Data Breach UCI2241522
Type of Data Compromised: Names, Dates of birth, Gender, Medical record numbers, Height, Weight, Medical center account numbers, Allergy information, Home address, Medical documentation, Diagnoses, Test orders and results
Number of Records Exposed: 4,859
Sensitivity of Data: High
Personally Identifiable Information: namesdates of birthgendermedical record numbersheightweightmedical center account numbersallergy informationhome address
Incident : Data Breach UCS22335223
Type of Data Compromised: Full names, Addresses, Dates of birth, Email addresses, Fax numbers, Claims information including dates and costs of care received, Laboratory results, Medical diagnoses and conditions, Medical record numbers, Prescription information, Treatment information, Social security numbers, Government identification numbers, Financial account numbers, Student identification numbers, Usernames and passwords
Sensitivity of Data: High
Incident : Data Breach UCL11139223
Type of Data Compromised: Personal information, Health data
Number of Records Exposed: 94,000
Sensitivity of Data: High
Personally Identifiable Information: Patient namesEmail addressesMailing addressesPhone numbersGenders
Incident : Data Breach UCS108072625
Type of Data Compromised: Names, Social security numbers
Sensitivity of Data: High
Incident : Data Breach UCS658072625
Type of Data Compromised: Names, Social security numbers
Incident : Data Breach UCS827072625
Type of Data Compromised: Names, Dates of birth, Clinical information
Sensitivity of Data: High
Personally Identifiable Information: NamesDates of Birth
Incident : Data Breach UCS212072625
Type of Data Compromised: Identifiable Health Information
Sensitivity of Data: High
Data Encryption: No
Personally Identifiable Information: Yes
Incident : Data Breach UCS457072625
Type of Data Compromised: Names, Social security numbers
Sensitivity of Data: High
Incident : Data Breach UCO831072725
Type of Data Compromised: Social security numbers, Financial information
Sensitivity of Data: High
Personally Identifiable Information: Social Security numbers
Incident : Data Breach UCS913080425
Type of Data Compromised: Social security numbers, Medical details
Sensitivity of Data: High
Incident : Data Breach UCS157082025
Type of Data Compromised: Personally identifiable information (pii), Protected health information (phi)
Number of Records Exposed: Unknown
Sensitivity of Data: High (includes MRN and PHI)
Personally Identifiable Information: First NameLast NameDate of BirthMRNDate of Service
Incident : Data Breach UCS1016090725
Type of Data Compromised: Personal information
Number of Records Exposed: Unknown
Sensitivity of Data: Moderate (PII)
Data Exfiltration: Likely
Personally Identifiable Information: namesdates of birthemail addresses
Incident : Data Breach (Insider Threat) UC-952091725
Type of Data Compromised: Personal Health Information (PHI)
Number of Records Exposed: Unknown
Sensitivity of Data: High (Health Records)
Data Exfiltration: No Evidence
Personally Identifiable Information: Likely (PHI includes PII elements)
Incident : Data Breach UC-013091825
Type of Data Compromised: Personal information, Medical data
Number of Records Exposed: Unknown
Sensitivity of Data: High (Unencrypted Medical Data)
Data Exfiltration: Potential
Data Encryption: No (Data was unencrypted)
Personally Identifiable Information: Yes
Incident : Data Breach UCOKIT1774240010
Type of Data Compromised: Medical records, 2020 uc undergraduate experience survey data
Number of Records Exposed: 353,265
Sensitivity of Data: High (personally identifiable information, medical records)
Personally Identifiable Information: Yes
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Retraining involved personnel, Notifying affected patients, , Migrated to a secure file transfer product, increased system monitoring, provided security training for relevant employees.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by disabled the use of the tools and retired the vulnerable accellion fta system.
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach and Ransomware Attack UCL0443723
Ransomware Strain: Clop
Incident : Ransomware UCS000122224
Ransom Demanded: $1.14 million
Ransom Paid: $1.14 million
Ransomware Strain: NetWalker
Data Encryption: Yes
Incident : Data Breach UCS658072625
Data Encryption: True
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach UCS157082025
Regulations Violated: Potentially HIPAA (Health Insurance Portability and Accountability Act), California Consumer Privacy Act (CCPA),
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach UCS1016090725
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach (Insider Threat) UC-952091725
Regulations Violated: HIPAA (Potential Violation), California Data Breach Notification Law,
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach UC-013091825
Regulatory Notifications: California Office of the Attorney General
Incident : Data Breach UCOKIT1774240010
Legal Actions: Class action lawsuit (*Erazo v. The Regents of the University of California*)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit (*Erazo v. The Regents of the University of California*).
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : Ransomware UCS1014070724
Recommendations: Federal funding allocated to develop better preventative and mitigative measures, focusing on cybersecurity in healthcare.
Incident : Data Breach UCOKIT1774240010
Recommendations: Retire vulnerable systems, migrate to secure alternatives, enhance monitoring, and provide security training
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Federal funding allocated to develop better preventative and mitigative measures, focusing on cybersecurity in healthcare., Retire vulnerable systems, migrate to secure alternatives, enhance monitoring and and provide security training.
References
Where can I find more information about each incident ?
Incident : Data Breach UCL11139223
Source: UCLA Health
Incident : Data Breach UCS108072625
Source: California Office of the Attorney General
Date Accessed: 2024-03-08
Incident : Data Breach UCS658072625
Source: California Office of the Attorney General
Date Accessed: 2020-11-13
Incident : Data Breach UCS827072625
Source: California Office of the Attorney General
Incident : Data Breach UCS212072625
Source: California Office of the Attorney General
Incident : Data Breach UCS457072625
Source: California Office of the Attorney General
Incident : Data Breach UCO831072725
Source: California Office of the Attorney General
Date Accessed: 2021-05-13
Incident : Data Breach UCS913080425
Source: California Office of the Attorney General
Date Accessed: September 9, 2021
Incident : Data Breach UCS157082025
Source: California Office of the Attorney General
Date Accessed: 2023-04-26
Incident : Data Breach UCS1016090725
Source: California Office of the Attorney General
Incident : Data Breach (Insider Threat) UC-952091725
Source: California Office of the Attorney General
Date Accessed: 2015-06-17
Incident : Data Breach UC-013091825
Source: California Office of the Attorney General
Incident : Data Breach UCOKIT1774240010
Source: Class action settlement notice
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: UCLA Health, and Source: UCLAUrl: http://ucla.edu, and Source: AbbVieUrl: http://abbvie.com, and Source: California Office of the Attorney GeneralDate Accessed: 2024-03-08, and Source: California Office of the Attorney GeneralDate Accessed: 2020-11-13, and Source: California Office of the Attorney General, and Source: California Office of the Attorney General, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2021-05-13, and Source: California Office of the Attorney GeneralDate Accessed: September 9, 2021, and Source: California Office of the Attorney GeneralDate Accessed: 2023-04-26, and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2015-06-17, and Source: California Office of the Attorney General, and Source: Class action settlement notice.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach UCL11139223
Investigation Status: Ongoing
Incident : Data Breach (Insider Threat) UC-952091725
Investigation Status: Completed (No Evidence of Data Theft)
Incident : Data Breach UCOKIT1774240010
Investigation Status: Settled
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through notifies the affected patients, Individuals were notified, and the letters each person receives precisely reflect the information that would have been impacted for that particular person., Public disclosure via California Office of the Attorney General, Public Disclosure via California Office of the Attorney General and Notified eligible claimants via email.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach UCOKIT1774240010
Customer Advisories: Eligible claimants notified via email
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Eligible claimants notified via email.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach UCS22335223
Entry Point: Employee email accounts
Incident : Data Breach UCS108072625
Entry Point: Phishing email
Incident : Data Breach UCS913080425
Entry Point: Email Compromise
Incident : Data Breach UCS157082025
Entry Point: Phishing (compromised email accounts)
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach (Insider Threat) UC-952091725
Root Causes: Lack of Access Controls / Monitoring for Insider Threats
Incident : Data Breach UCOKIT1774240010
Root Causes: Vulnerability in Accellion FTA system
Corrective Actions: Retired Accellion FTA, migrated to secure file transfer product, increased monitoring, security training
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as external security experts, Increased system monitoring.
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Retired Accellion FTA, migrated to secure file transfer product, increased monitoring, security training.
Additional Questions
General Information
Has the company ever paid ransoms ?
Ransom Payment History: The company has Paid ransoms in the past.
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was $1.14 million.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Employee, Clop Ransomware Group, NetWalker group, Unauthorized Third Party, Unknown, Unauthorized Third Party and Internal Employee.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2015-09.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2014-05-14.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on 2025-05-29.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $1.14 million.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Medical Record Numbers, , names, dates of birth, gender, medical record numbers, height, weight, medical center account numbers, allergy information, home address, medical documentation, diagnoses, test orders and results, , full names, addresses, dates of birth, email addresses, fax numbers, claims information including dates and costs of care received, laboratory results, medical diagnoses and conditions, medical record numbers, prescription information, treatment information, Social Security numbers, government identification numbers, financial account numbers, student identification numbers, usernames and passwords, , URL/website addresses, Provider names, Specialty, Ad campaign names, Page views, IP addresses, Third-party cookies, Hashed values of certain fields on the appointment request form, such as patient names, email addresses, mailing addresses, phone numbers, and genders, , Names, Social Security numbers, , names, social security numbers, , Names, Dates of Birth, Clinical Information, , Identifiable Health Information, names, social security numbers, , Social Security numbers, Financial information, , Social Security numbers, medical details, , First Name, Last Name, Date of Birth, MRN, Date of Service, , names, dates of birth, email addresses, insurance types, , Personal Health Information (PHI), , Personal Information, Unencrypted Medical Data, , Sensitive information of over 350 and000 individuals.
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was UCLA Health websiteUCLA Health mobile app and and and Employee email accounts and Medical Transcription Platform and and Email Accounts and scheduling websites and Computers and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was external security experts.
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Disabled the use of the tools and Retired the vulnerable Accellion FTA system.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were claims information including dates and costs of care received, test orders and results, Hashed values of certain fields on the appointment request form, such as patient names, email addresses, mailing addresses, phone numbers, and genders, Clinical Information, height, URL/website addresses, full names, Unencrypted Medical Data, Personal Health Information (PHI), medical documentation, home address, medical diagnoses and conditions, prescription information, Provider names, Sensitive information of over 350,000 individuals, insurance types, gender, medical details, First Name, weight, addresses, Ad campaign names, names, financial account numbers, MRN, Third-party cookies, treatment information, Page views, medical center account numbers, Date of Service, social security numbers, Financial information, fax numbers, Names, Identifiable Health Information, IP addresses, Social Security numbers, student identification numbers, laboratory results, medical record numbers, dates of birth, usernames and passwords, Specialty, allergy information, Last Name, Date of Birth, Dates of Birth, Medical Record Numbers, email addresses, diagnoses, Personal Information and government identification numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 453.4K.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $1.14 million.
What was the highest ransom paid in a ransomware incident ?
Highest Ransom Paid: The highest ransom paid in a ransomware incident was $1.14 million.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit (*Erazo v. The Regents of the University of California*).
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Federal funding allocated to develop better preventative and mitigative measures, focusing on cybersecurity in healthcare., Retire vulnerable systems, migrate to secure alternatives, enhance monitoring and and provide security training.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are UCLA Health, UCLA, California Office of the Attorney General, Class action settlement notice and AbbVie.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is http://ucla.edu, http://abbvie.com .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Eligible claimants notified via email.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Employee email accounts, Phishing email, Email Compromise and Phishing (compromised email accounts).
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Lack of Access Controls / Monitoring for Insider Threats, Vulnerability in Accellion FTA system.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Retired Accellion FTA, migrated to secure file transfer product, increased monitoring, security training.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ucsandiego' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
