Jump to content
  • Scripps Health notifies patients of data breach after ransomware attack


    Karlston

    • 549 views
    • 3 minutes
     Share


    • 549 views
    • 3 minutes

    Scripps Health notifies patients of data breach after ransomware attack

     

    Nonprofit healthcare provider, Scripps Health in San Diego, has disclosed a data breach exposing patient information after suffering a ransomware attack last month.

     

    The healthcare provider has five hospitals and 19 outpost facilities with over 3,000 affiliate physicians. Every year, Scripps Health treats more than 700,000 patients.

     

    On April 29th, Scripps Health suffered a cyberattack where threat actors deployed ransomware on their network and encrypt devices.

     

    The attack caused the healthcare provider to suspend their IT systems, including public-facing portals, including MyScripps and scripps.org.

     

    Due to the attack, hospitals in Encinitas, La Jolla, San Diego, and Chula Vista no longer received stroke or heart attack patients, which were diverted to other medical facilities.

    Hackers stole patient data during the attack

    On Tuesday, Scripps Health released an updated report on the attack and says that threat actors stole patient data during the attack.

     

    "The investigation is ongoing, but we determined that an unauthorized person did gain access to our network, deployed malware, and, on April 29, 2021, acquired copies of some of the documents on our systems," said an updated Scripps Health security incident notice.

     

    "By May 10, 2021, we were able to access a limited number of documents involved in the incident and, after a thorough review, determined that some of those documents contained certain patient information."

     

    "As the investigation is ongoing, we do not yet know the content of the remainder of documents we believe are involved, though we are working with third party experts to determine those facts as quickly as possible."

     

    When ransomware operations breach an organization, they will first silently spread throughout the network while stealing files and data. Once they gain access to a Windows admin account and the domain controller, they deploy the ransomware to encrypt devices.

     

    The ransomware gangs then use the stolen data as leverage by saying they will release the stolen data on data leak sites if the victim does not pay the ransom.

     

    After investigating the stolen data, Scripps Health determined that the attackers stole personal information for certain patients.

     

    "For certain patients, this information included one or more of their names, addresses, dates of birth, health insurance information, medical record numbers, patient account numbers, and/or clinical information, such as physician name, date(s) of service, and/or treatment information," warns Scripps Health.

     

    "For less than 2.5% of patients, Social Security numbers and drivers’ license numbers were also affected."

     

    "Importantly, this incident did not result in unauthorized access to Scripps’ electronic medical record application, Epic. However, health information and personal financial information was acquired through other documents stored on our network."

     

    For those patients whose data was exposed, Scripps Health has begun mailing notification letters on June 1st, 2021.

     

    If the attack exposed a patient's Social Security or driver's license numbers, the healthcare provider also provides a free one-year subscription to credit monitoring and identity protection services.

     

    It is unknown which ransomware operation conducted the attack, and none of the stolen data has been publicly released at this time.

     

     

    Scripps Health notifies patients of data breach after ransomware attack


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...