2024 UC Cybersecurity Awareness Month (UC CAM) Events
Cybersecurity Awareness Month is spearheaded by the National Cybersecurity Alliance. UCSF is a proud sponsor and participates in the University of California Cybersecurity Awareness Month (UC CAM) celebration. Once again, the UC campuses have banded together to provide a wide variety of events and activities to help you to individually protect yourself, your private information, and the University. Please go to the 2024 UC Office of the President Cybersecurity Awareness Month Page to register for the events and activities happening at many of our UC Campuses!
UCSF welcomes people with disabilities to our events and programs. To request reasonable accommodation, please get in touch with Esther Silver by emailing [email protected] as soon as possible. The webinars will include live, automated captioning in Zoom.
Events Hosted by UCSF - Click on links to see more information
All times are Pacific
10/1/24 10:00 AM: So, You Think You Know IT Security
10/3/24 10:00 AM: Email looking suspish? It’s probably a phish. UCSF’s Ever-Evolving Phish Mitigation Program
10/10/24 12:00 AM: Interactive Measurements in Neural Networks with Trojans and Backdoors
10/17/23 TBD: Protecting the Hospital Landscape against Ransomware Attacks and the Loss of Life
10/22/24 11:00 AM: Nightmare on Cyber Street: Unleashing UCSF’s Spellbinding Data Security Compliance Program
10/24/24 12:00 PM: How to Compliantly Share UCSF Data
10/31/24 10:00 AM: Winners of the Phish Alarm Reporting Contest Announced!
11/14/24 1:00 PM: Cybersecurity in Healthcare: Navigating AI Challenges and Building Cyber-Resilience
Tuesday, October 1, 2024, 10:00 AM-11:00 AM
So, You Think You Know IT Security
Click here to register for So, You Think You Know IT Security
Prove your IT security knowledge by joining our knowledge contest! Attendees will answer questions about how to keep UCs and their data and computing devices safe and secure. The highest scorer will receive a $50 Amazon Gift Card. A random drawing will settle ties.
Thursday, October 3, 2024, 10:00 AM-11:00 AM
Email looking suspish? It’s probably a phish. UCSF’s Ever-Evolving Phish Mitigation Program
Speakers: Bryce Leong, UCSF IT Security Analyst; Kevin Simmons, UCSF IT Security Analyst; Esther Silver, UCSF IT Security Awareness and Training Program Manager; Tanya Jansen, UCSF IT Communications Specialist
Summary: Navigating the murky waters of the threat landscape and mitigating phishing risks is treacherous. Our team is constantly looking for ways to stay afloat. Discover the myriad ways we provide anchors to protect UCSF and help our end users be on the lookout for sharks in the water. Learn about the tools and procedures we have implemented and how we teach our users not to play koi to keep them from becoming adrift in a stormy sea. What we have done:
- Implemented Proofpoint to block the overwhelming majority of phishing messages.
- Implemented Phish Alarm so end users can easily report phish.
- Run phishing campaigns.
- Implemented anti-phishing training.
- Published articles in various publications and on our website including information on the phish indicators of recent mock phish.
- Created the Real Phish Alert Page, covering phish received at UCSF and common ones reported by Proofpoint.
- Marketed the program in Pulse, physical and electronic posters, on the MyAccess page, and in various other ways.
Tanya Jansen is an award-winning communications and outreach professional with considerable experience in strategic communications and event planning. Her specialties include strategic communications, marketing and outreach, and event planning. She is an accomplished public speaker and seminar leader and a published author featured in Just Like a Girl (2008, Girlchild Press).
Kevin Simmons is an IT Security Analyst in the UCSF IT Security Department.
Bryce Leong joined UCSF in 2002 as a Senior Desktop Support Engineer and then joined the IT Security Incident Response Team as a Security Analyst in 2018. He works as part of a team dedicated to keeping UCSF secured from cyber-attacks.
Esther Silver began at UCSF in 2009 as the Business Continuity Program Manager and went on to be the IT Security Training and Awareness Manager in 2014.
Thursday, October 10, 2024, 12:00 PM-1:00 PM
Interactive Measurements in Neural Networks with Trojans and Backdoors
Click here to register for Interactive Measurements in Neural Networks with Trojans and Backdoors
Speaker: Peter Bajcsy, Project Lead at the National Institute of Standards and Technology
Summary: With the growing complexity of artificial intelligence (AI) models and the lack of AI model interpretability and performance explainability, there are many ways in which AI models can be attacked by adversaries. This presentation overviews basic attacks via poisoning training datasets or planting backdoors in AI model code. To enable quick learning about data poisoning and backdoor planting, we designed a web-based neural network calculator that enables simulations of planting, activating, and defending cryptographic backdoors in neural networks (NN), and injecting Trojans into training datasets. The online simulations are available at https://pages.nist.gov/nn-calculator.
Peter Bajcsy is a project lead at the National Institute of Standards and Technology, Gaithersburg, Maryland, U.S.A. His current research interests include foundational AI-based modeling, terabyte-sized image-based measurements, and metrology in computer vision applications. Peter received his Ph.D. in electrical and computer engineering from the University of Illinois at Urbana-Champaign. He is a Senior Member of the IEEE Computer Society. Contact him at [email protected].
Thursday, October 17, 2024, 9:00 AM-10:00 AM
Protecting the Hospital Landscape against Ransomware Attacks and the Loss of Life
Part of the UCSF-Stanford CERSI-FDA Distinguished Speaker Series on Cybersecurity for Biomedical Engineering
Speaker: Andrea Greene-Horace, MHA, EMCS, Senior Advisor, Cybersecurity/Deputy Program Manager-COOP-Business Continuity, The Affordable Care Act (ACA), Centers for Medicare & Medicaid Services (CMS), Centers for Consumer Information & Insurance Oversight (CCIIO)
Summary: The healthcare industry is at a crossroads due to cyberattacks. Specifically, the hospital industry is viewed as being overwhelmed in its attempts to protect itself from cybersecurity attacks. As compared to other industry sectors, the healthcare sector is, in fact, more vulnerable. However, the reason why the hospital sector is not as cyber resilient as other sectors is not due to their lack of awareness or interest. Admittedly the healthcare industry’s awareness has improved, giving credit to these organizations. However, this improvement may also be largely due to ransomware attackers “following the money by turning their attention to better capitalized industries”. For sustained impactful longevity and success, partnerships between an array of stakeholders are immediately required to strengthen the industry’s resiliency. How this can be accomplished will be explored, as well as the reasons why hospitals remain vulnerable, despite heightened awareness. The focus is on the enactment of a comprehensive solution, as failure in the hospital industry can have infinite and catastrophic consequences in terms of patient safety and access, as well as long-term national security implications. Further, the emerging use of AI and quantum computing complicates this scenario but can set up hospitals for huge successes with key partnerships established and plans executed.
Andrea Greene-Horace, MHA, EMCS: Ms. Greene-Horace is a Health Care and IT Leader with over 25 years of experience in healthcare and IT program development for the private sector, as well as federal and state governments. She has advised Federal and State Executives on the strategy to ensure the secure and timely opening of the Health Care Marketplaces under the Affordable Care Act (ACA). Ms. Greene-Horace created and managed the first federal cybersecurity and privacy office for the ACA to ensure that federal cybersecurity and privacy requirements were built into IT development and program governance for 17 Health State Based Care Marketplaces. She advised the Secretary of the Maryland Department of Health in instituting Health Plan Management requirements for the ACA. Her other program and/or start-up experiences have included program development at the Marriott Corporation (Senior Living Services), the New Jersey Primary Care Association (Network Management Services), and at several federal agencies and in establishing Program Offices or new business services. She is currently establishing the Artificial Intelligence (AI) Compliance Framework within the AI Governance Framework for the ACA Program. A lifelong learner, she loves learning about the potential impact of emerging technology. Ms. Greene-Horace is a graduate of Penn State (BA), Cornell (MHA), and Brown University (Cyber). She is also a member of Delta Sigma Theta Sorority, Inc. In her free time, she loves to spend time with her family, taking time planning events for children, and listening and strategizing with young adults to pursue and achieve their passions.
Tuesday, October 22, 2023, 11:00 AM-12:00 PM
Nightmare on Cyber Street: Unleashing UCSF’s Spellbinding Data Security Compliance Program
Speakers: Lee Zelyck, UCSF Senior Data Security Compliance Analyst; Mary Morshed, UCSF Data Security Compliance Director; James Tarala, Cyverity Managing Partner and a SANS Senior Instructor
Summary: This Halloween, dive into the shadowy world of data security with UCSF’s thrilling new Data Security Compliance (DSC) Program. Designed to combat the ever-evolving cyber threats, our program stands as a fortress with its extensive library of security requirements, including administrative, technical, and physical controls. These robust safeguards are meticulously assembled from a myriad of sources such as laws, regulations, UC/industry/local policies, and contract stipulations. As the digital landscape morphs and expands, the challenge of tracking and managing compliance intensifies. Join the UCSF DSC Team on a spine-chilling journey to unravel the mysteries of cybersecurity compliance. Discover cutting-edge tools and resources that simplify the identification of pertinent requirements for specific systems or use cases. Learn the art of de-duplicating and consolidating safeguards to fortify your defenses.
But that’s not all—our alliance with the Cybersecurity Risk Foundation (CRF) brings decades of consolidated cybersecurity wisdom to your fingertips. Through comprehensive research, policy guides, frameworks, and an innovative online assessment tool, we empower you to enhance your cybersecurity posture dramatically. Prepare to be spellbound as you access expert advice and state-of-the-art solutions designed to shield your organization from the ghostly specters of cyber threats and ensure stringent compliance with industry standards. Don’t miss this chance to transform your cybersecurity strategy from a haunted maze into a commanding stronghold. Join us to safeguard your digital realm this Halloween and beyond!
Mary Morshed is the UCSF Director of Data Security Compliance. Mary joined UCSF Health in November 2022. She previously served 16+ years in the role of Chief Information Security and Privacy Officer for various state of California entities, CSU, and Sacramento Municipal Utility District (SMUD). She has over 33 years of experience in the field of information security and also currently holds several industry security, privacy, and healthcare professional certifications.
Lee Zelyck is a cybersecurity professional with 20 years of experience. He joined UCSF Health in November 2023 as a Senior Data Security Compliance Analyst. Prior to joining UCSF, Lee worked as a consultant to cloud providers and clients in various industries, including oil, gas, and government. For the past 5 years, Lee has worked in cybersecurity operations for academic healthcare providers and holds several information security technical and professional certifications.
James Tarala is a managing partner with Cyverity based out of Venice, Florida, and a SANS Senior Instructor. As a consultant, he has spent the past several years designing large enterprise security and infrastructure architectures, helping organizations to perform security assessments, and communicating enterprise risk to senior leadership teams. He is the author of LDR419: Performing a Cybersecurity Risk Assessment, the brand new LDR519: Cybersecurity Risk Management and Compliance course, as well as a number of previous SANS courses.
Thursday, October 24, 12:00 PM-1:00 PM
How to Compliantly Share UCSF Data
Speakers: Helena Mezgova, UCSF Sr. Data Compliance Specialist in Academic Research Services; Kim Romero, UCSF Associate Director of Process Management & Compliance in Academic Research Services
Click here to register for How to Compliantly Share UCSF Data
Summary: UCSF has a responsibility to analyze and share data in order to generate new knowledge and insights. To meet UCOP recommendations and aid in the mitigation of risks of malicious cyber activity and incidents, leadership determined that a thorough review and development of standardized processes for our data management and external data sharing practices was essential to ensure the protection of our data assets. During the “How to Compliantly Share UCSF Data” session, we will discuss the actions we’ve taken to address this by providing an overview of the new UCSF data sharing Policy 650-20 External Sharing of Personally Identifiable Information (PII) and PII-Derived Data, the steps required to share UCSF data externally, and the considerations when designing data sharing engagements with external third parties.
Attendees will gain insight into the compliance steps required to share UCSF data through data sharing engagements with named third parties, repositories, and publication. In addition, this session will introduce factors for consideration when designing an external data sharing engagement to ensure that key compliance areas are addressed early in the planning and initiation stages, and to ensure that departments have sufficient time to address any additional compliance matters that may arise.
Kim Romero works in the Enterprise Information & Analytics department in central IT and manages the team responsible for the data compliance and data sharing areas. Examples of initiatives that her team helps with are the review of higher-risk data sharing engagements by the IT Governance Committee on EIA, implementing and supporting data access models and processes, and defining and operationalizing data compliance and data sharing policies, guidance, and workflows. She has worked at UCSF since 2009, with the first 8 years focused on managing research data services and systems and the remainder focused on the data compliance and data sharing areas. Please reach out to her team with any questions that you may have about data access and release, data sharing, or data compliance matters.
Helena Mezgova is a Senior Data Compliance Specialist of the IT EIA Data Compliance team. She joined UCSF in 2019 and currently supports the operations of the data compliance functions for teams to ensure data are managed, administered, released, and shared in accordance with security, privacy, and compliance policies and laws. She oversees the higher-risk data sharing review process by the IT Governance Committee on EIA and is a subject matter expert in data sharing. She is trained as a bioethicist, with certification in healthcare privacy and security.
Thursday, October 31, 10:00 AM - 10:15 AM
Winners of the UCSF Only Phish Alarm Reporting Contest Announced!
Summary: The top five people who use the Phish Alarm button to report potential phishing messages between June 1, 2024, and October 31, 2024, will be recognized as Phish Alarm Champions with an official certificate and win $50 Amazon Gift Cards. Remember if an email is at all strange, just report it. Always better safe than sorry! Winners will be notified by email. This event is UCSF Only.
To learn more about how to report a phish, go to phishalarm.ucsf.edu.
Thursday, November 14, 1:00 PM - 2:00 PM
Cybersecurity in Healthcare: Navigating AI Challenges and Building Cyber-Resilience
Part of the Rosenman Webinar Series on Healthcare Innovation
Speakers: Elvis Chan, Assistant Special Agent in Charge, FBI San Francisco; Patrick Phelan, UCSF Chief Information Security Officer
Summary: Cybersecurity is a critical concern not only for individuals facing risks like identity theft but also on a national level, influencing elements as significant as federal elections. Within the healthcare sector, the complexity of challenges has expanded for startups, lab scientists, and IT professionals. Risks from exploiting generative artificial intelligence now join threats like IP theft, ransomware, and hacktivism.
This webinar aims to empower participants by deepening their understanding of these evolving threats and highlighting how to forge robust cyber-resilience strategies. You will learn how to defend against these risks and develop resilient systems that continue to function effectively even during cyber incidents.
Join us to gain expert insights from the FBI's Elvis Chan, who leads San Francisco’s Cyber Branch in cyber investigations and digital forensics, and UCSF’s Chief Information Security Officer, Patrick Phelan. Together, they will share valuable strategies to enhance your defensive capabilities and build resilience that protects both individuals and the organizations you serve. This is an essential session for mastering the complexities of cybersecurity in today's interconnected world.
Elvis Chan is an Assistant Special Agent in Charge (ASAC) assigned to FBI San Francisco. ASAC Chan manages the field office’s Cyber Branch, which is responsible for cyber investigations, digital forensics, technical operations, community engagement, and public affairs. With over 16 years in the Bureau, he is a decorated agent who is recognized within the Intelligence Community as an election cybersecurity and cyberterrorism expert. ASAC Chan was the lead agent on significant cyber investigations and managed joint counterterrorism operations with domestic and foreign law enforcement agencies. Prior to joining the Bureau, ASAC Chan was a process development engineer in the semiconductor industry for almost 12 years. He holds two U.S. patents, presents at many technical and law enforcement symposiums, and published multiple articles in journals. ASAC Chan earned his bachelor’s degrees in chemical engineering and chemistry from the University of Washington and his master’s degree in homeland security studies from the Naval Postgraduate School.
Pat Phelan is the Chief Information Security Officer of UCSF, one of the premier academic medical centers in the country. He is responsible for the security strategy and operations that protect systems supporting the research, education, and clinical missions of the institution. A 25-year IT veteran, he is a member of several professional organizations, holds CISSP, CEH, CISM certifications, and a B.S. in computer science from UCLA.