Los Angeles hospital hacked: Review Information Security best practices

You may have seen media reports this week about a hospital in Los Angeles that paid a ransom to hackers to recover access to its network and its Electronic Health Record. While UNC Health Care has a number of safeguards in place to help prevent such a scenario, we need everyone to be vigilant and aware of the potential for cyberattacks. Please review and share the following information with your teams.

Be on alert for emails that could potentially contain scams and malware

  • Never click on a link or an attachment in an email that you have received that is not business-related or that seems like it is business-related but comes from an unrecognized sender. You can hover over any email address to see the true "sender/recipient."
  • Never respond to an email by providing your login/password.
  • If you have any questions or suspect a message may be suspicious/malicious, email the ISD Information Security Office at .

Keep your password long and strong

  • The Information Security Office conducts regular audits to identify weak passwords and then forces employees to reset their weak passwords. 
  • View UNC Health Care’s password requirements at this SharePoint link

We recommend that all employees limit non-business Internet browsing

  • While UNC Health Care does not have a policy against personal use of our computing environment, we have placed technical controls on our network to steer people from nefarious web sites.
  • However, there are seemingly legitimate websites that can spread viruses and worms. The ISD Information Security Office has cleaned up malware on hundreds of computers in the past year due to web browsing that is not business-related.