Dear Colleagues,
A major cyber-attack occurred at Scripps Health in southern California on May 1 making it clear that hospitals and healthcare institutions are being aggressively targeted by cybercriminals. The likely source of this attack was a successful phishing attempt that resulted in downtime for many of their IT systems and ongoing severe impact to their clinical and business operations.
Here at UCSF, we are seeing phishing attempts not just in email but also via phone calls. Attackers have contacted our IT Service Desk with the goal of gaining access by requesting password resets and Duo / phone registrations utilizing employee SSNs and home addresses. Our IT Service Desk has changed identity verification procedures and will continue to harden them for certain kinds of transactions so please be aware and be patient as we go to extra lengths to confirm the identity of callers for certain kinds of transactions (e.g., cell phone registration for Duo; password reset).
Your diligence is a critical part of protecting UCSF and protecting your personal and professional data. Thank you for remaining vigilant about this growing cyberthreat, and please follow this guidance from our IT security team:
- Never accept a Duo verification unless you personally requested it. There is no scenario in which you should give a Duo code to anyone. Only click the green “Approve” button in Duo if you are in the process of logging on. Do not click the Duo “Approve” button if one shows up unexpectedly on your phone or if you receive a phone call requesting Duo approval.
- Report the Phish. If you believe you have received a phishing message but have NOT clicked the link or opened the attachment, report it using the Phish Alarm button.
For information on where to find the button within different platforms, visit https://it.ucsf.edu/services/phish-alarm.
- If you believe you DID click on a malicious link, contact the IT Service Desk immediately. If you provided your credentials (i.e. your user ID and / or password), change your password immediately and contact the IT Service Desk.
- Confirm identities. Cybercriminals mimic organization and company identities, including e-mail addresses, and URLs. Look for banners identifying messages coming from outside UCSF. Manually locate the organization online and contact them via their website, e-mail, or phone number.
- Protect your user ID and password. UCSF will NEVER ask for your username and password or other personal information via e-mail.
- Visit https://it.ucsf.edu/how-to/protect-ucsf-and-myself-phishing-and-other-similar-scams for more information.
If you have any questions regarding IT security, please reach out to the UCSF IT Service Desk at 415-514-4100 or contact them via chat http://help.ucsf.edu/.
Sincerely,
The Office of the Senior Vice Chancellor
Finance and Administration