Cyberlands.io - API Penetration Testing

Top 10 Cybersecurity Breaches in California

California boasts the largest GDP among US states, and the Golden State might well be the world's 5th largest economy! That is, if California were a country. While the state's wealth and entrepreneurial zeal get the attention they deserve, the vulnerability of many Californian institutions to sophisticated cyberattacks is not discussed enough. In this series on top-tier data breaches, the focus of our attention this time is California.

#1 University of California, Los Angeles Health
One of the most sophisticated and extensive healthcare systems in the world, the University of California, Los Angeles Health (UCLA Health) sees 3.5 million outpatient visits and more than 750,000 unique patient visits a year. In mid-July 2015, the hospital admitted hackers might have accessed sensitive information on up to 4.5 million of its patients. Reportedly, starting September 2014, hackers gained access to the part of the network hosting personally identifiable medical information (e.g., names, birthdates). UCLA Health's candid admission that it hadn't encrypted patient data came under intense fire from security professionals. Computer forensic experts hired by the health system were reportedly working against the clock to secure the network and data from further breaches, though there wasn't any indication that patient data had indeed been taken.

#2 Partnership HealthPlan of California
In March 2022, computer systems at the Partnership HealthPlan of California (PHC), which serves more than half a million beneficiaries, were taken down in a cyberattack. Hackers are believed to have siphoned off protected health information of at least 850,000 current and former health plan members. The leaked data trove potentially included patient names, medical record numbers, federally recognized tribal IDs, diagnoses, prescriptions, and patients' login credentials. A lawsuit brought against PHC by one of those impacted by the breach claimed PHC hadn't taken enough steps, such as designing adequate user authentication and security protocols for its systems, to preempt an attack of this kind. However, in health data breach cases, the onus is on the plaintiff to prove the actual injury caused by the care provider.

#3 Solar Sunrise
In early 1998, as the US prepared to conduct bombing operations over Iraq, 500 government and private computer systems, including Department of Defense (DoD) networks, were taken over by hackers. Initially, the needle of suspicion seemed to point in the direction of Iraqi cyber operatives. The criminals seized control of these computers by exploiting a known vulnerability in the Solaris UNIX-based operating system from Sun Microsystems, so the attack came to be known as "Solar Sunrise." Essentially, the attackers planted a "sniffer" to capture data packets containing confidential defense information. Soon, the FBI and defense combat support agencies were on the case. The subsequent investigation led to the doorsteps of two Californian teens. The duo pleaded guilty, and in March 1998, a third teen was nabbed by Israeli police in the same case.

#4 Activision
In February 2023, Activision, publisher of the best-selling Call of Duty video game series and media franchise, acknowledged it had been the subject of a data breach in December 2022. Having stolen the login credentials of an HR employee via text message phishing, hackers gained unauthorized access to confidential employee data (e.g., emails, mobile numbers). Activision claimed the data loss was insignificant and, therefore, didn't see much merit in alerting the workforce directly in the wake of the breach. However, California law requires companies and state agencies to notify any California resident if her/his unencrypted personal information is (believed to have been) breached by an unauthorized person. Where such an entity issues breach alerts to more than 500 California residents, it must alert its employee teams as well.

#5 Bank of the West
At midday on Christmas Eve 2012, the San Francisco-headquartered Bank of the West's website was knocked offline by a distributed denial of service (DDoS) attack. The attack prevented legitimate customers from visiting the bank's site. Shockingly, it also served as a ruse to sidetrack the Bank of the West's officials from a major online heist directed against one of its clients, Ascent Builders. Between December 24 and 26, online criminals looted the company's Bank of the West accounts of more than $900,000. Using a DDoS attack as cover for a digital bank robbery is a sneaky trick typically employed by cyber crooks who make use of the Gameover Trojan, a peer-to-peer botnet. The entire loot from Ascent Builders was then transferred illegally to foreign bank accounts by "mules" acting knowingly or unwittingly on behalf of the hackers.

#6 Sharp Healthcare
Patients who had made at least one payment using the online service of Sharp Healthcare, a large not-for-profit healthcare provider in Southern California, between August 2021 and January 2023 might have had some of their personal information compromised by hackers! In February 2023, Sharp Healthcare announced it had started notifying more than 60,000 patients about the data breach. The care provider was emphatic that patients' bank details, credit card information, social security numbers, and health records were not among the purloined data. It wasn't evident whether the pilfered data had been put to some vile purpose. The target of the attack was the healthcare provider's website (Sharp.com), while its patient portal (FollowMyHealth) remained unscathed.

#7 Alameda Health System
Alameda Health System, based in Oakland, California, acknowledged in June 2022 that it had suffered a data breach that might have compromised the personally identifiable health information of 90,000 patients. It appears that a hacker had gained remote access to the email accounts of some of the health system's employees, and these supposedly contained patients' personal health information. However, Alameda didn't reveal the date of the breach, when the cyber incident had come to its notice, or the type of data that might have been compromised by the unauthorized user. The health system said it had taken steps to alert persons potentially impacted by the data leak and alleviate any damage caused, besides reporting the incident to the regulators.

#8 San Bernardino County Sheriff's Department
In late April 2023, more than two weeks after a cyberattack encrypted many of its systems, the county sheriff's office in San Bernardino, California, was struggling to fully restore operations. According to media reports, the damage was most likely caused by an employee clicking a tainted hyperlink and unwittingly downloading ransomware. The department was finally able to recover the encrypted files. However, with emails and computers disrupted, police officers had to fall back on radio dispatches to run license plates and background checks on suspects. The county was reportedly using digital forensics to discover the root cause of the attack on a key department that provides law enforcement under contract to 14 cities. The department also operates the county jail system.

#9 California's Department of Finance
LockBit, considered the Robin Hood of ransomware gangs, claimed in mid-December 2022 that it was in possession of at least 75 GB of data belonging to California's Department of Finance. The group posted screenshots of the properties dialog for the files and folders supposedly in its possession. Going by this, there were about 246,000 files in more than 100,000 folders in the stolen cache of data, which was said to include sensitive financial records and IT documents. The gang threatened to make the data public if the target refused to part with ransom money by December 24, 2022. Without going into details, California's Department of Finance confirmed it was investigating a cybersecurity incident, insisting that no state funds had been compromised.

#10 Sony Pictures
The November 2014 compromise of Sony Pictures' servers resulted in the theft of nearly 100 terabytes of data and upended work at the studio for about a week, so much so that operations had to be run with pen, paper, whiteboard, and fax. The hackers released DVD copies of five new movies online within minutes of each other. Not content with that, the criminals leaked employees' personal data, social security numbers, and emails. The release of Sony Pictures' salary spreadsheets called into question the company's practices around gender pay parity and diversity. A little-known outfit calling itself the "Guardians of Peace" claimed it was behind the hack. However, the US government believes the hack was orchestrated by North Korean state-linked operatives in retaliation for Sony's The Interview (2014), an audacious comedy about the country's leader Kim Jong-Un.

With hack after hack pulverizing many Californian organizations, large and small, public and private, it's critical that decision-makers at all levels work in concert with security professionals with proven capabilities to bolster the Golden State's overall cyber defenses. At Cyberlands, our battle-hardened security professionals help organizations of all sizes evaluate the security status of their software, hardware, services, networks, information, vendors, service providers, and more to further strengthen their cybersecurity posture.

Thank you for taking the time to read our stories on cybersecurity. It means a lot to us. We look forward to your queries and feedback. Do write to us at the Cyberlands team.
Cyberlands.io Team