UCSF Health Company Cyber Security Posture
ucsfhealth.orgUCSF Health is an integrated health care network encompassing several entities, including UCSF Medical Center, one of the nationโs top 10 hospitals according to U.S. News & World Report, and UCSF Benioff Childrenโs Hospitals, with campuses in Oakland and San Francisco. We are recognized throughout the world for our innovative patient care, advanced technology and pioneering research. For more than a century, we have offered the highest quality medical treatment. Today, our expertise covers virtually all specialties, from cancer to women's health. In addition, the compassionate care provided by our doctors, nurses and other staff is a key to our success. Our services generate about 1.1 million patient visits to our clinics a year and $3.2 billion in annual revenue. We have 12,000 employees and dozens of locations throughout San Francisco as well as outreach clinics throughout Northern California and beyond.
UCSF Health Company Details
ucsfhealth
11110 employees
106637.0
62
Hospitals and Health Care
ucsfhealth.org
3805
UCS_6354324
In-progress
UCSF Health Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
UCSF Health Global Score.png)
UCSF Health Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
UCSF Health Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| UCSF Medical Center | Breach | 50 | 2 | 9/2013 | UCS158072625 | Link | |
Rankiteo Explanation : Attack limited on finance or reputationDescription: The California Office of the Attorney General reported a data breach involving UCSF Medical Center on October 2, 2013. The breach occurred on September 9, 2013, due to the theft of an unencrypted laptop from a locked vehicle, potentially affecting health information of individuals, including names and medical record numbers. | |||||||
| University of California San Francisco | Ransomware | 100 | 4 | 6/2020 | UCS658072625 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: The California Office of the Attorney General reported a data breach involving the University of California San Francisco (UCSF) on November 13, 2020. The breach occurred on June 1, 2020, due to a cybersecurity attack that resulted in unauthorized access to personal information, including names and social security numbers, affecting an unspecified number of individuals. UCSF paid the attacker to recover encrypted data and has offered credit monitoring services to impacted individuals. | |||||||
| University of California San Francisco | Breach | 60 | 3 | 9/2013 | UCS212072625 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: The California Office of the Attorney General reported a data breach involving the University of California San Francisco (UCSF) on November 21, 2013. The breach occurred on September 25, 2013, when an unencrypted personal laptop containing identifiable health information was stolen from a physician's locked vehicle. The stolen laptop contained sensitive health information, which could potentially compromise the privacy and security of the affected individuals. | |||||||
UCSF Health Company Subsidiaries
UCSF Health is an integrated health care network encompassing several entities, including UCSF Medical Center, one of the nationโs top 10 hospitals according to U.S. News & World Report, and UCSF Benioff Childrenโs Hospitals, with campuses in Oakland and San Francisco. We are recognized throughout the world for our innovative patient care, advanced technology and pioneering research. For more than a century, we have offered the highest quality medical treatment. Today, our expertise covers virtually all specialties, from cancer to women's health. In addition, the compassionate care provided by our doctors, nurses and other staff is a key to our success. Our services generate about 1.1 million patient visits to our clinics a year and $3.2 billion in annual revenue. We have 12,000 employees and dozens of locations throughout San Francisco as well as outreach clinics throughout Northern California and beyond.
Access Data Using Our API
Get company history
Rapid.png)
UCSF Health Cyber Security News
UCSF and Sutter Health Ink Tech Innovation Partnerships with GE HealthCare
Partnerships between tech companies and hospitals and health systems have the potential to drive innovation, reduce costs and improveย ...
An Insiderโs View on Why Itโs Important to Take UC-Required Security Trainings
Patrick Phelan, UCSF Chief Information Security Officer, underscores why University officials are concerned about cybersecurity threats.
UCSF Health lays off 200 employees
UCSF Health said it has laid off an estimated 200 employees in an effort to combat rising operating costs and lower reimbursements rates.
UCSF Notifies Individuals Regarding Cybersecurity Incident
UC San Francisco is notifying individuals about a cybersecurity incident that may have impacted their personal information.
UCSF pays hackers $1.1M to regain access to medical school servers
Hackers extorted more than $1 million from the University of California, San Francisco (UCSF) after hitting its medical school servers withย ...
Mergers and Acquisitions: An Overview of Notable Healthcare M&A Activity in Q3 2024
Here's a look at some of the notable merger and acquisition activity among healthcare providers in Q3 2024.
UCSF Spinout Raises $12M for Platform That Facilitates Secure AI Development
โIt's a huge undertaking to try to create agreements to get organizations to give their data to those who are trying to create AI.
California health system completes acquisition of two hospitals
Suresh Gunasekaran, president and chief executive officer of UCSF Health, said the acquisition enables the system to โpreserve these criticalย ...
UCSF Medical School Officials Pay Hackers $1.14 Million Ransom To Recover Stolen Data
Hackers who attacked computer servers at the University of California at San Francisco School of Medicine were paid a ransom of more than $1ย ...
UCSF Health Similar Companies
Corewell Health
People are at the heart of everything we do, and the inspiration for our legacy of outstanding outcomes, innovation, strong community partnerships, philanthropy and transparency. Corewell Health is a not-for-profit health system that provides health care and coverage with an exceptional team of 65,0
NSW Health
โโโโโโโWith more than 170,000 staff and 228 hospitals, there are millions of ways we are enriching the health of the NSW community every day. In front of a patient, working in a kitchen, developing new treatments, or at a desk, each one of our staff is a vital member of the largest health organisat
Advocate Aurora Health
Advocate Aurora Health and Atrium Health are now Advocate Health โ the fifth-largest nonprofit integrated health system in the U.S. Advocate Health is the fifth-largest nonprofit integrated health system in the United States โcreated from the combination of Advocate Aurora Health and Atrium Health
Elevance Health
Fueled by our bold purpose to improve the health of humanity, we are transforming from a traditional health benefits organization into a lifetime trusted health partner. Our nearly 100,000 associates serve more than 118 million people, at every stage of health. We address a full range of needs wi
Medical University of South Carolina
The Medical University of South Carolina (MUSC) is a public institution of higher learning the purpose of which is to preserve and optimize human life in South Carolina and beyond. The university provides an interprofessional environment for learning and discovery through education of health care p
Abbott
Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritional and branded generic medicines. Our 114,000 col
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UCSF Health CyberSecurity History Information
How many cyber incidents has UCSF Health faced?
Total Incidents: According to Rankiteo, UCSF Health has faced 3 incidents in the past.
What types of cybersecurity incidents have occurred at UCSF Health?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware and Breach.
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: Data Breach at University of California San Francisco (UCSF)
Description: A data breach occurred when an unencrypted personal laptop containing identifiable health information was stolen from a physician's locked vehicle.
Date Detected: 2013-09-25
Date Publicly Disclosed: 2013-11-21
Type: Data Breach
Attack Vector: Physical Theft
Vulnerability Exploited: Unencrypted Data
Threat Actor: Unknown
Motivation: Unknown
Incident : Data Breach
Title: Data Breach at University of California San Francisco
Description: The California Office of the Attorney General reported a data breach involving the University of California San Francisco (UCSF) on November 13, 2020. The breach occurred on June 1, 2020, due to a cybersecurity attack that resulted in unauthorized access to personal information, including names and social security numbers, affecting an unspecified number of individuals. UCSF paid the attacker to recover encrypted data and has offered credit monitoring services to impacted individuals.
Date Detected: 2020-06-01
Date Publicly Disclosed: 2020-11-13
Type: Data Breach
Incident : Data Breach
Title: UCSF Medical Center Data Breach
Description: The California Office of the Attorney General reported a data breach involving UCSF Medical Center on October 2, 2013. The breach occurred on September 9, 2013, due to the theft of an unencrypted laptop from a locked vehicle, potentially affecting health information of individuals, including names and medical record numbers.
Date Detected: 2013-09-09
Date Publicly Disclosed: 2013-10-02
Type: Data Breach
Attack Vector: Theft of Unencrypted Laptop
Vulnerability Exploited: Physical Security
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach UCS212072625
Data Compromised: Identifiable Health Information
Systems Affected: Personal Laptop
Incident : Data Breach UCS658072625
Data Compromised: names, social security numbers
Incident : Data Breach UCS158072625
Data Compromised: Names, Medical Record Numbers
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Identifiable Health Information, names, social security numbers, Names and Medical Record Numbers.
Which entities were affected by each incident?
Incident : Data Breach UCS212072625
Entity Type: Educational Institution
Industry: Healthcare
Location: San Francisco, California
Incident : Data Breach UCS658072625
Entity Type: Educational Institution
Industry: Education
Location: San Francisco, California
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach UCS212072625
Type of Data Compromised: Identifiable Health Information
Sensitivity of Data: High
Data Encryption: No
Personally Identifiable Information: Yes
Incident : Data Breach UCS658072625
Type of Data Compromised: names, social security numbers
Personally Identifiable Information: True
Incident : Data Breach UCS158072625
Type of Data Compromised: Names, Medical Record Numbers
Sensitivity of Data: High
Data Encryption: No
Personally Identifiable Information: Yes
Ransomware Information
Was ransomware involved in any of the incidents?
References
Where can I find more information about each incident?
Incident : Data Breach UCS212072625
Source: California Office of the Attorney General
Incident : Data Breach UCS658072625
Source: California Office of the Attorney General
Date Accessed: 2020-11-13
Incident : Data Breach UCS158072625
Source: California Office of the Attorney General
Date Accessed: 2013-10-02
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney General, and Source: California Office of the Attorney GeneralDate Accessed: 2020-11-13, and Source: California Office of the Attorney GeneralDate Accessed: 2013-10-02.
Additional Questions
General Information
Has the company ever paid ransoms?
Ransom Payment History: The company has Paid ransoms in the past.
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident was an Unknown.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2013-09-25.
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2013-11-21.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Identifiable Health Information, names, social security numbers, Names and Medical Record Numbers.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was Personal Laptop.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Identifiable Health Information, names, social security numbers, Names and Medical Record Numbers.
Ransomware Information
What was the highest ransom paid in a ransomware incident?
Highest Ransom Paid: The highest ransom paid in a ransomware incident was True.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident are California Office of the Attorney General, California Office of the Attorney General and California Office of the Attorney General.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
