Skip to content
  1. Home > About > Annual Report > 2023 > Protection Across the Systems

Protection Across the Systems
Security Risk Assessments

A man and a woman wearing masks with the woman in a lab coat diligently operating a machine in a laboratory at the University of California.

The average cost of a data breach in 2023 was $4.45M. (Source: IBM Cost of a Data Breach Report 2023, IBM Security)

Bad actors focusing on software breaches with suppliers are on the rise, and they have the capability to inflict widespread harm that impacts both the main target and their customers. The Office of the President addressed the increased risk of data breaches by creating a new centralized unit to assess location and third-party supplier risk. The purpose of the new cyber risk assessment unit is to establish a repeatable risk methodology, reduce redundancies in current processes, and improve executive visibility. An added benefit is sharing risk assessment information across the system to make more informed investment decisions.

UC Locations

The new cyber risk assessment unit will work with UC locations on self-cyber assessments to identify various risks that could affect UC assets, including hardware, systems, applications, laptops, research data, and intellectual property. UC location assessments will be performed in accordance with an established systemwide risk methodology and standard metric tracking.

Suppliers

Supplier assessments analyze the risks introduced to UC via relationships along its ecosystem or supply chain, which may include suppliers, partners, affiliates, contractors, or service providers with access to UC internal data, systems, processes, or other privileged information.

Health Affiliates

Security risk assessments at existing and new UC health affiliates are coordinated regularly to find potential cybersecurity vulnerabilities. Assessments help to ensure HIPAA compliance and keep patient records safe.

Security Risk Assessments Minimize Risk at Health Affiliates

 A landscape view of UCSF Mission Bay, which is a teaching, research and clinical care campus. Downtown San Francisco is shown in the background.

 

Part of the mission of the University of California Health (UCH) is to “deliver exceptional care that improves the health and well-being of all people living in California, the nation and the world.”

To help extend its reach, UCH partnered with Community Affiliates to exchange best practices and share the latest advancements in treatment and technology. The Community Affiliate clinics performed 865,000 ambulatory patient visits in 2022, accounting for 29.5% of the total ambulatory visit volume.

A component of the important partnerships involves the affiliates getting access to UC’s patient record software, enabling patients to have a single medical record and making it easier for medical professionals to help patients. Given the sensitive nature of medical records, patient data, and financial data, health care organizations are a prime target for cyberattacks. In fact, for the 13th year in a row, the health care industry reported the most expensive data breaches at an average cost of USD 10.93 million. (Source: IBM Cost of a Data Breach Report 2023, IBM Security)

To minimize risk in providing access to affiliate providers, C3 coordinates SRAs. These evaluations systematically pinpoint and address potential cyber threats to affiliates and their critical information assets. Conducted at regular intervals, SRAs play a pivotal role in fortifying patient privacy and ensuring robust security measures.

50+ Security Risk Assessments (SRAs) performed at University of California Health Community Affiliates 

Copyright © Regents of the University of California | Terms of use