University Hacking: What Can We Learn?

University Hacking

In June 2016, a Canadian university found itself the victim of a ransomware attack. The malware encrypted all of the school's files as well as their email system, affecting professors, students, and administration. As a result of the widespread and urgent need to access the school's files and email system, the University paid the bitcoin ransom of $20,000 in exchange for the decryption keys in order to gain access once again.

Since the popular victims have lately been healthcare companies, a university attack appears to represent a new focus. Healthcare companies retain important and private information that is currently in demand from hackers, but this situation has demonstrated a new turn in targets. It exemplifies how some hackers seek monetary rewards, versus others who seek private information to sell. The school's email system did not necessarily contain private data valuable to the hacker, so encrypting that system was not for the purpose of obtaining information. Because professors, students, administration and various other employees of the university access its email system regularly, this incident affected thousands of people and created a chaotic environment in which there was no alternative system available to communicate with one another. It was also discovered that the university was not properly backing up their data, leaving them in a very vulnerable position at the mercy of the hackers.

Lastly, a university with thousands of students is assumed to have a lot of money; the University of California system has an annual budget of $27 million. Universities are not only assumed to have money, but they are also assumed to have copious amounts of important information to which people require timely access. By disturbing their mass communication system, the hackers exposed the time sensitive nature of communication at universities. This particular university did not have the luxury of time to wait for the issue to be fixed, so the ransom was paid.

This may be indicating a shift in, or expansion of, attack targets, reflecting the different motives behind hackers: those who want information, and those who want money. It also illuminates the fact that anyone can be a victim. Always be prepared, for the next shift in targets might be your industry.

Client Success

MetroHealth System Logo
  • 50% reduction in time to deploy Giva's change, incident, problem, asset management and knowledgebase modules
  • 60% reduction in the 5 year Total Cost of Ownership (TCO)
  • Saved at least 1 FTE due to lower ongoing administration
  • Saved 1 week per month due to easy to use reports
Athens Regional Health System Logo
  • Increased to 90% achievement in meeting service level agreements
  • 70% reduction in generating reports and admin; eliminated 35 hours/month
  • 50% faster to create/assign a service request
  • 60% increase in information captured during the initial phone call
  • 50% increase in the number of service requests created due to intuitive design
Santé Health Systems Logo
  • 80% increase in productivity by using Giva's dashboards and reports
  • 60% increase in meeting service level agreements
  • 50% increase in productivity by using Giva's integrated custom forms
  • 45% increase in the number of the calls logged due to Giva's intuitiveness and ease of use