By Audrie Ramirez, information security intern, UCOP. Patrick Phelan is chief information security officer (CISO) at UCSF, one of the top health care institutions in the United States. He has spent his entire career in IT within the UC system. A Bay Area native, Phelan moved to Los Angeles to attend UCLA where he majored in computer science. One of his first exposures to computer security was discovering a password-stealing program running in the dorm computer lab where he worked.
Phelan became UCSF CISO during a time when corporate data breaches filled the news. Medical centers are big targets for hackers and UCSF recognized it needed to tighten IT security or end up on the news too.
Over the past two years Phelan has concentrated on initiatives designed “to protect the confidentiality, integrity, and availability of all our data and electronic assets.” He said, “Given infinite money and time, you could make systems nearly completely secure, but that’s not practical or even desirable – we have to choose our protections very carefully. Go overboard and you create secure but unusable systems. We’re racing to improve our security without impeding the amazing research and patient care happening at UCSF.”
He is particularly excited about implementing new technology this year to protect against “advanced persistent threats,” when an unauthorized person gains and maintains network access, going unnoticed and potentially stealing data. These are increasingly common and difficult-to-detect attacks. He also worries about the thought of hackers using medical devices to cause harm. “Manufacturers aren’t paying attention to the security of these devices as much as they should be.”
When asked about the best part of his job, Phelan said, “I like feeling like I have a direct impact on keeping UCSF safe, and I get to work with a ton of smart people. My team is amazing, and I learn from them all the time.”
As far as life outside security? Phelan said, “I have a pretty insane ‘50s, ‘60s, and ‘70s record collection that takes up most of the living room. I’ve been collecting since I was about 12 years old.”
Phelan’s tips for protecting yourself against cyber-crime:
“Stop using computers and smartphones. Do all your work on typewriters!”
- Recognize phishing messages and report them to your local IT help desk. Phishing is one of the most likely ways you’ll fall victim to cyber-crime.
- Use two-factor authentication with your Google, Facebook, and any other account that offers it. Also, don’t use the same password everywhere.
- Encrypt your computers and phones. They are lost and stolen constantly.
- Patch your computers. Use anti-virus software. Consider this basic hygiene.
- Pay attention to privacy. Don’t overshare with apps or the Internet at large.