Scripps Health notifies patients of data breach after ransomware attack

Scripps Health notifies patients of data breach after ransomware attack

  • Nonprofit healthcare provider, Scripps Health in San Diego, has disclosed a data breach exposing patient information after suffering a ransomware attack last month.
  • The attack caused the healthcare provider to suspend their IT systems, including public-facing portals, including MyScripps and scripps.org.
  • “The investigation is ongoing, but we determined that an unauthorized person did gain access to our network, deployed malware, and, on April 29, 2021, acquired copies of some of the documents on our systems,” said an updated Scripps Health security incident notice.
  • When ransomware operations breach an organization, they will first silently spread throughout the network while stealing files and data. Once they gain access to a Windows admin account and the domain controller, they deploy the ransomware to encrypt devices.
  • “Importantly, this incident did not result in unauthorized access to Scripps’ electronic medical record application, Epic. However, health information and personal financial information was acquired through other documents stored on our network.”
  • For those patients whose data was exposed, Scripps Health has begun mailing notification letters on June 1st, 2021.

– Lawrence Abrams | June 3, 2021