Scripps Health Hit by Apparent Ransomware Attack

NOTICE: If you are a Scripps Health patient or received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777

fingertip attempting to touch a digital keyLate on May 1, 2021, Scripps Health detected an apparent ransomware attack on their computer network that significantly disrupted patient care.

The San Diego-based healthcare provider was forced to stop patient access to its online portal, postpone upcoming appointments, and divert trauma patients to other hospitals. Access to electronic medical records and other resources such as medical imaging and telemetry was also affected.

Reportedly, the information systems of at least two Scripps Health hospitals were infected, including backup servers in Arizona. Scripps Health claims to have notified law enforcement and is working around the clock to resolve the security incident.

The healthcare provider has not yet specified the type of cyber attack or further details, such as whether patient records have been compromised. However, IT security experts believe that the incident is a result of ransomware and likely compromised confidential personal records.

Ransomware typically uses malicious software embedded in an email. The software infects the network, encrypts data, and disables critical digital records. A demand for cash payment is then made in exchange for unlocking resources, often accompanied by threats to sell the stolen data on the dark web.

Hospitals are considered “soft” targets for ransomware attacks, and medical information is more valuable than other types of stolen personal information. Hackers view hospital systems as relatively easy to breach and healthcare providers are highly motivated to pay a quick ransom. Healthcare systems also tend to be highly connected, so if a breach impacts one part of the system, it has the potential to impact the whole system.

According to Scripps Health, they are still assessing the extent of the attack and will be reaching out to affected patients.

Scripps Health is a $3.2 billion nonprofit integrated health system in San Diego with over 16,000 employees. The healthcare provider treats more than 700,000 patients annually with 5 acute-care hospitals, home health services, 30 outpatient centers, 14 walk-in clinics, 4 emergency rooms, 3 urgent care centers and hundreds of physician offices.

The Arnold Law Firm is currently investigating the Scripps Health data breach and will continue to provide updates regarding the incident.

NOTICE: If you are a Scripps Health patient or received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possibly developing legal options.