{"id":35794,"date":"2020-06-29T21:30:00","date_gmt":"2020-06-29T21:30:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/d\/d-id\/1338196"},"modified":"2020-06-29T21:30:00","modified_gmt":"2020-06-29T21:30:00","slug":"university-of-california-sf-pays-ransom-after-medical-servers-hit","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/","title":{"rendered":"University of California SF Pays Ransom After Medical Servers Hit"},"content":{"rendered":"<header>\n<\/header>\n<p><span class=\"strong black\">As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on &#8220;several IT systems&#8221; in the UCSF School of Medicine.<\/span> <\/p>\n<p class=\"p1\">The University of California San Francisco paid about $1.14 million to ransomware operators earlier this month after its malware compromised several important servers in the UCSF School of Medicine and encrypted them to prevent access, UCSF administrators stated on June 26.<\/p>\n<p class=\"p1\">The crypto-ransomware attacks, which have been attributed to the NetWalker group, also reportedly hit Michigan State University and Columbia College of Chicago. UCSF, which has pursued a substantial amount of research on coronavirus and COVID-19, stated that the attacks had not affected that research, nor had an impact on the operations of its medical center and patient care.<\/p>\n<p class=\"p1\">However, the ransomware had affected &#8220;a limited number of servers&#8221; in the medical school, the university said in a statement.<\/p>\n<p class=\"p1\">&#8220;The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,&#8221; the statement said. &#8220;We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.&#8221;<\/p>\n<p class=\"p1\">UCSF&#8217;s information technology department caught the attack in progress and &#8220;quarantined several IT systems within the School of Medicine as a safety measure,&#8221; preventing the attack from reaching the &#8220;core UCSF network,&#8221; the university <a href=\"https:\/\/www.ucsf.edu\/news\/2020\/06\/417911\/update-it-security-incident-ucsf\" target=\"_blank\" rel=\"noopener noreferrer\">said in the June 26 statement<\/a>.<\/p>\n<p class=\"p1\">The attack and its million-dollar consequences show that organizations must be able to recognize attacks and stop them much quicker, says Marcus Fowler, director of strategic threat at Darktrace, a threat protection firm.<\/p>\n<p class=\"p1\">&#8220;I think with ransomware, speed and visibility is going to be the key,&#8221; he says. &#8220;They are running around and unplugging machines to manage the bleeding, rather than focusing on what happened.&#8221;<\/p>\n<p class=\"p1\">NetWalker started attacking organization in 2019, focusing on large, global entities, according to cybersecurity firm SentinelOne. The group uses many generic system tools and tends to focus on so-called &#8220;living off the land&#8221; tactics, where the attackers try to only use utilities already present on the system to avoid being detected when installing malware, Jim Walter, a senior threat researcher at SentinelOne, wrote in <a href=\"https:\/\/labs.sentinelone.com\/netwalker-ransomware-no-respite-no-english-required\/\" target=\"_blank\" rel=\"noopener noreferrer\">a blog post on the group<\/a>.<\/p>\n<p class=\"p1\">In February, the group attacked the Toll Group, an Australian shipping and logistics firm, causing disruptions to the company&#8217;s operations and customers, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-ransomware-strain-halts-toll-group-deliveries\/\" target=\"_blank\" rel=\"noopener noreferrer\">according to media reports<\/a>. In March 2020, the NetWalker group infected multiple hospitals in Spain, luring victims into opening malicious PDF documents that promised updated information on COVID-19. The latter incident, along with the attack on UCSF, highlights that cybercriminal groups \u2014 which had <a href=\"https:\/\/www.darkreading.com\/risk\/healthcare-targeted-by-more-attacks-but-less-sophistication\/d\/d-id\/1337702\" target=\"_blank\" rel=\"noopener noreferrer\">pledged to refrain from attacking hospitals and medical-research facilities<\/a> during the coronavirus pandemic \u2014 cannot be trusted to forgo profits.<\/p>\n<p class=\"p1\">NetWalker, in particular, appears to be attacking with abandon \u2014 and leaking data, if the organization does not pay, Walter says.<\/p>\n<p class=\"p1\">&#8220;Consequently, detection and clean-up is no longer sufficient to ensure organizational data remains confidential and secure,&#8221; he wrote in the blog post. &#8220;Prevention is the only the cure for threats like NetWalker, which hit organizations with the double-edged sword of encryption by ransomware and extortion via threats of public data exposure.&#8221;<\/p>\n<p class=\"p1\">BBC News managed to get <a href=\"https:\/\/www.bbc.com\/news\/technology-53214783\" target=\"_blank\" rel=\"noopener noreferrer\">a fly-on-the-wall view of the negotiation<\/a> between UCSF and the NetWalker criminal group \u2014 a negotiation that started at $3 million. After some back and forth, the two parties negotiated to 116.4 Bitcoins, or $1.14 million, which the school paid.<\/p>\n<p class=\"p1\">The school notified the FBI and are cooperating with their investigation. The university does not believe that any sensitive medical information had been exposed by the attack.<\/p>\n<p class=\"p1\">&#8220;Our investigation is ongoing but, at this time, we believe that the malware encrypted our servers opportunistically, with no particular area being targeted,&#8221; USCF stated in its statement. &#8220;The attackers obtained some data as proof of their action, to use in their demand for a ransom payment.&#8221;<\/p>\n<p class=\"p1\">The school declined to offer additional details, citing the ongoing federal investigation.<\/p>\n<p class=\"p1\">&#8220;In order to preserve the integrity of the investigation, we are limited in what we can share at this time and appreciate everyone&#8217;s patience as we resolve this situation,&#8221; UCSF <a href=\"https:\/\/www.ucsf.edu\/news\/2020\/06\/417861\/ucsf-update-it-security-incident\" target=\"_blank\" rel=\"noopener noreferrer\">said in its June 17 statement<\/a>.<\/p>\n<p class=\"p3\"><strong>Related Content:<\/strong><\/p>\n<div><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg\" alt width=\"450\" height=\"70\"><\/div>\n<div><em><strong><strong>Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that &#8220;really bad day&#8221; in cybersecurity. Click for<\/strong><strong>&nbsp;<a href=\"https:\/\/events.darkreading.com\/virtualsummit\/\" target=\"_blank\" rel=\"noopener noreferrer\">more information and to register<\/a>&nbsp;for this On-Demand event.&nbsp;<\/strong><\/strong><\/em><\/div>\n<p><em><strong><strong>&nbsp;<\/strong><\/strong><\/em><\/p>\n<p><span class=\"italic\">Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT&#8217;s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=1161\">View Full Bio<\/a><\/span> <\/p>\n<p><strong>Recommended Reading:<\/strong><\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p> Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/d\/d-id\/1338196?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on &#8220;several IT systems&#8221; in the UCSF School of Medicine. Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/d\/d-id\/1338196?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-35794","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>University of California SF Pays Ransom After Medical Servers Hit 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"University of California SF Pays Ransom After Medical Servers Hit 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-06-29T21:30:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/university-of-california-sf-pays-ransom-after-medical-servers-hit\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/university-of-california-sf-pays-ransom-after-medical-servers-hit\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"University of California SF Pays Ransom After Medical Servers Hit\",\"datePublished\":\"2020-06-29T21:30:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/university-of-california-sf-pays-ransom-after-medical-servers-hit\\\/\"},\"wordCount\":804,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/university-of-california-sf-pays-ransom-after-medical-servers-hit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUALSUMMIT_DR20_320x50.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/university-of-california-sf-pays-ransom-after-medical-servers-hit\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/university-of-california-sf-pays-ransom-after-medical-servers-hit\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/university-of-california-sf-pays-ransom-after-medical-servers-hit\\\/\",\"name\":\"University of California SF Pays Ransom After Medical Servers Hit 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/university-of-california-sf-pays-ransom-after-medical-servers-hit\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/university-of-california-sf-pays-ransom-after-medical-servers-hit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUALSUMMIT_DR20_320x50.jpg\",\"datePublished\":\"2020-06-29T21:30:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/university-of-california-sf-pays-ransom-after-medical-servers-hit\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/university-of-california-sf-pays-ransom-after-medical-servers-hit\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/university-of-california-sf-pays-ransom-after-medical-servers-hit\\\/#primaryimage\",\"url\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUALSUMMIT_DR20_320x50.jpg\",\"contentUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/VIRTUALSUMMIT_DR20_320x50.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/university-of-california-sf-pays-ransom-after-medical-servers-hit\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"University of California SF Pays Ransom After Medical Servers Hit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"University of California SF Pays Ransom After Medical Servers Hit 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/","og_locale":"en_US","og_type":"article","og_title":"University of California SF Pays Ransom After Medical Servers Hit 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-06-29T21:30:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"University of California SF Pays Ransom After Medical Servers Hit","datePublished":"2020-06-29T21:30:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/"},"wordCount":804,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/","url":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/","name":"University of California SF Pays Ransom After Medical Servers Hit 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg","datePublished":"2020-06-29T21:30:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg","contentUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/VIRTUALSUMMIT_DR20_320x50.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/university-of-california-sf-pays-ransom-after-medical-servers-hit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"University of California SF Pays Ransom After Medical Servers Hit"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35794","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=35794"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/35794\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=35794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=35794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=35794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}