Scripps Health has been hit by a ransomware attack that exposed patient information. The hospital has informed the affected patients about the breach.
Scripps Health is a multi-specialty healthcare provider with over 3,000 affiliate physicians across five hospitals and 19 outposts.
On April 29, 2018, the healthcare provider was hit by a ransomware attack during which threat actors deployed ransomware and encrypted data. The hospital had to suspend its IT systems and take public-facing portals offline, including MyScripps and scripps.org.
When ransomware operators succeed in breaching an organization, they silently spread throughout the network. Once they gain access to the organization’s Windows administrator account, they can encrypt devices. The criminals then use the stolen data as leverage to make victims pay the ransom.
Due to the attack on Scripps Health, many hospitals in San Diego and La Jolla stopped receiving stroke and heart attack patients.
On Tuesday, Scripps Health released a report saying that on April 29, 2021, an unauthorized party gained access to the network and stole patient data during a massive attack.
“The investigation is ongoing, but we determined that an unauthorized person did gain access to our network, deployed malware, and, on April 29, 2021, acquired copies of some of the documents on our systems,” said the Scripps Health security incident notice.
The investigation confirmed that a limited number of documents containing patient information were leaked in the incident:
“By May 10, 2021, we were able to access a limited number of documents involved in the incident and, after a thorough review, determined that some of those documents contained certain patient information. As the investigation is ongoing, we do not yet know the content of the remainder of documents we believe are involved, though we are working with third party experts to determine those facts as quickly as possible.”
For some patients, this information included their names, addresses, dates of birth, and health insurance information.
“For less than 2.5% of patients, Social Security numbers and drivers’ license numbers were also affected.”
Although the incident did not result in the unauthorized access of Epic, Scripps’ electronic medical record application, it did expose sensitive information about patients.
In case a hacker was able to steal a patient’s identity, the healthcare provider offers a free credit monitoring or identity protection service.
It is not known which ransomware operation carried out the attack, and the stolen data has not been released publicly at this time.