November 1, 2024

UCSF IT Security

Awareness News You Can Use

Monthly Articles, Contests, Resources, and Upcoming Events

November is Safe Shopping During the 

‌Holidays  Awareness Month

Please read  the article "Don’t Get Grinched: Tips for Safe Online Holiday Shopping!" and take the monthly quiz. All UCSF faculty, staff, contractors, students, and affiliates who take the quiz will be entered in a drawing for one of six $50 Amazon gift cards.

Remember, you can also visit our previous security awareness articles and take the quizzes. Visit our past campaigns at the UCSF Cybersecurity Awareness Site.

Latest Phishing Campaign

If you missed the "red flags" from our latest  UCSF-wide mock phish, they are displayed at the bottom of our page "Protect UCSF and Myself from Phishing and Other Similar Scams."

If an email seems at all strange, report it via Phish Alarm. You will find out almost instantly how to further interact with the email. Over-reporting is not an issue! Better safe than sorry! 

Winners of the Phish Alarm Reporting Contest!

The top five people who used the Phish Alarm button to report potential phishing messages between June 1, 2024, and October 31, 2024, were:

 

‌‌Frances Peterson

‌Aden Bacus

‌Linda Chafetz 

‌Louise Hendrickson

‌Pearl Zulueta

‌Congratulations to the winners! Each will receive a certificate of recognition as a Phish Alarm Champion and a $50 Amazon gift card. Remember, if an email is strange at all, just report it.  Always better safe than sorry!

‌To learn more about how to report a phish, go to phishalarm.ucsf.edu.

New Duo fatigue Flyer to Help Combat Duo Fatigue Attacks! Win a $50 Amazon Gift Card!

Duo Fatigue Attacks are still happening! In these attacks, perpetrators who likely possess stolen passwords bombard individuals with Duo push notifications. The aim is for individuals to tire and mistakenly approve access, endangering their account and UCSF IT resources and Institutional information. To counter this, IT Security has developed a new flyer detailing essential protective measures. Please replace any old flyers with the new ones in approved locations like breakrooms and department bulletin boards. Each month document your new flyer postings with photos and send them to [email protected] to enter a $50 Amazon gift card draw. Congratulations to Val Dougherty, the winner for October! You must be logged into your UCSF Microsoft Account to access and download:

Click here to open and print the flyer

Required UC Cybersecurity Awareness Course

All UCSF Faculty, Staff, and Students must annually complete the UC Cyber Fundamentals Awareness Course on the UC Learning Management System (LMS). 

‌Pat Phelan, UCSF CISO,  spoke at the June 7, 2024 UCSF Town Hall on the importance of this course and our new mandated compliance rate of 100%. Click here to see his whole presentation.

Click here to read Pat Phelan's article An Insider’s View on Why It’s Important to Take UC-Required Security Trainings

See the Latest Phishing Scams and Know

What To Do 

In the last year, cyber criminals delivered a wave of cyber-attacks that were not just highly coordinated, but far more frequent and advanced than ever before seen. Many of them began with a phishing email. To help everyone be more aware of the current widespread and impactful phishing scams, IT Security has created the Real Phishing Threats Page. It lists actual phish that have been received by UCSF and the prevalent phishing campaigns out in the world. It provide additional information on:

  • What to watch out for
  • Key actions to take
  • ‌Great resources to help combat phishing

‌Please bookmark the page and check back often. IT Security will be updating it frequently.

 

Ongoing Monthly Contests

Everyone Can Win a Prize!

1. Refer your UCSF friends and colleagues to the UCSF Awareness Site and ask them to:

  • Read the latest article and take the quiz.
  • Ask them to enter your email address as the referrer.
  • State they are new to the site on the last page of the monthly quiz.

For each 20 people you refer, you will win a $25 Amazon gift card (limit 2/year, referrals do not expire).

 

2. Each month we will be selecting one person to win a $50 gift card from everyone who uses the Phish Alarm Button to report suspicious emails. They will win a $50 gift card. This important security tool analyzes the email and lets you know if it is an actual phish. No need to contact the Service Desk or IT Security when you get something suspicious. For more information, please visit the Phish Alarm Overview Page.

 

3. Each month we will be randomly selecting five people from everyone with “Satidfied” status on their UC Cyber Fundamentals Awareness Course assignment to win a $50 Amazon Gift Card. Here’s how to check your status on the annual training requirement:

  • Click on the UC Learning Center link in MyAccess
  • Click on “UC Learning Center Login” from the UC Learning Center page
  • Click on “Required Training”
  • Check the Status of “eCourse: UC Cyber Security Awareness Fundamentals”

Winners Circle

October Awareness Quiz Winners

Sarah Lim 

‌Silvie Hill

‌Jacob Huth

‌Sheila Anulao

‌Tom Dunn

‌Clarence Pang

 

October Phish Alarm Winner

Kalin Patel

 

October LMS Cybersecurity

Awareness Course Winners

Katie Oshea

‌ Sherman Lim 

‌Henry Hsia 

‌Maria Rodriguez Gutierrez 

‌Jill Ostrem

 

Top Quiz Referrers

Millo Pasquini

Cristina Morrison

‌‌Eve Phong (Dinh)

‌Khin Nyunt‌‌

Julie Erich

Thea Dela Cruz

Jennifer Camacho

‌‌‌Erin Accurso

Matthew Lau

Casey Nelson

Gato Gourly

‌John Hasper

Jason Dong

Upcoming IT Security Events 

‌You Don't Want to Miss!

Thursday, November 14, 1:00 PM - 2:00 PM

Cybersecurity in Healthcare: Navigating AI Challenges and Building Cyber-Resilience

Part of the Rosenman Webinar Series on Healthcare Innovation

Speakers: Elvis Chan, Assistant Special Agent in Charge, FBI San Francisco, Patrick Phelan UCSF Chief Information Security Officer

Click here tp register for Cybersecurity in Healthcare: Navigating AI Challenges and Building Cyber-Resilience

Summary: Cybersecurity is a critical concern not only for individuals facing risks like identity theft but also on a national level, influencing elements as significant as federal elections. Within the healthcare sector, the complexity of challenges has expanded for startups, lab scientists, and IT professionals. Risks from exploiting generative artificial intelligence now join threats like IP theft, ransomware, and hacktivism. 

‌This webinar aims to empower participants by deepening their understanding of these evolving threats and highlighting how to forge robust cyber-resilience strategies. You will learn how to defend against these risks and develop resilient systems that continue to function effectively even during cyber incidents. 

‌Join us to gain expert insights from the FBI's Elvis Chan, who leads San Francisco’s Cyber Branch in cyber investigations and digital forensics, and UCSF’s Chief Information Security Officer, Patrick Phelan. Together, they will share valuable strategies to enhance your defensive capabilities and build resilience that protects both individuals and the organizations you serve.

Thursday, November 21, 9:00 AM - 10:00 AM

Penetration Testing of Medical Devices

Part of the UCSF-Stanford CERSI-FDA Distinguished Speaker Series on Cybersecurity for Biomedical Engineering

Speaker: Jan Küfner Team Leader, Penetration Testing, TÜV SÜD

Click here to register for Penetration Testing of Medical Devices

Summary: As the healthcare sector increasingly relies on connected medical devices, ensuring their cybersecurity is vital for patient safety. This presentation will highlight the critical need for medical device penetration testing (pen-testing) to identify vulnerabilities and protect devices and patient data from cyber threats. We will cover the role of notified bodies in assessing compliance with regulatory requirements, discuss the rising importance of effective pen-testing amid growing cyber threats, and examine the current state of medical device cybersecurity along with future challenges and innovations. Key topics include regulatory requirements, gaps between these and current practices, and the role of standards like CVSS scores and threat modeling. Attendees will gain a comprehensive understanding of the challenges and solutions in medical device pen-testing, equipping them to navigate this evolving field.

The UC Tech IT Blog - Events Page

‌The blog lists events for the UC Tech community to help introduce new skills, resources, perspectives and people/network in support of your work and career. 

‌Click here to go to the UC IT Blog Events Page for live informative events

Great Free Awareness and Training Resources

UCSF 2024 Cybersecurity Awareness Month Recordings

‌If you missed some of the educational events held by UCSF during Cybersecurity Awareness Month in October, don't worry!  Many of the events were recorded and are now available by video. 

Click here to see the recordings of the UCSF events

Recordings of  other UC CAM events will be up at the UCOP 2024 UC CAM celebration page soon!

Cybersecurity for the Clinician Video Training Series 

‌Produced and published in April 2023 as a free public service by the Health Sector Coordinating Council Cybersecurity Working Group

The “Cybersecurity for the Clinician” video training series totaling 47 minutes among eight videos explains in easy, non-technical language what clinicians and students in the medical profession need to understand about how cyber attacks can affect clinical operations and patient safety, and how to do your part to help keep healthcare data, systems and patients safe from cyber threats.

Click here to watch the Cyber Clinician Video Series