Side effects of Scripps ransomware attack continue to be revealed

Print Friendly, PDF & Email

Six weeks after the ransomware attack on Scripps, the healthcare giant is still releasing information on what happened, what was lost, and who has been affected. What we know for sure is that prior to encrypting the files, the attack copied the data of over 147,000 current or former patients. We also know that the Scripps investigation is ongoing, and they may find more compromised records.

Scripps Health is the second-largest health provider in San Diego, treating approximately 700,000 patients every year through four hospitals and multiple outpatient facilities. The non-profit health system has 3,000 affiliated physicians and 15,000 employees. Scripps suspended their IT systems as soon as the attack was noticed and diverted stroke and heart attack patients to other facilities. Medical procedures such as back or neck surgeries have been delayed.

The negative impact on medical care was not the only issue that affected patients. Scripps has announced that 147,000 patients have lost some combination of the following:

“.. one or more of their names, addresses, dates of birth, health insurance information, medical record numbers, patient account numbers, and/or clinical information, such as physician name, date(s) of service, and/or treatment information.”

Of that 147,000, roughly 3,700 patients have had their Social Security numbers and/or driver’s license numbers taken. Those 3,700 patients will receive “one year of complimentary credit monitoring and identity protection support services.”

Patients are also being advised to review healthcare statements for any medical services they did not receive.

Scripps notes that there is no evidence that this data has been used to commit fraud, but that statement means very little this early in the ransomware / data breach timeline. CD Projekt Red suffered a ransomware attack in early February 2021. On June 10, the game developer announced the data stolen in the attack is being circulated online. The exact content of the data is unknown.

To be clear, a data breach victim isn’t safe from ID theft or other fraud simply because the sensitive data hasn’t published on the dark web. BleepingComputer reports that ransomware gangs save the most valuable data for auction or for their own use in future attacks.

Why healthcare is an appealing target for cybercrime

No industry is safe from ransomware attacks, but healthcare is an appealing target because of the critical dependency on their digital assets and the privacy of their patients. Medical networks also have a lot of ‘entry points’ in the many medical devices that are attached to the network but not properly secured. These devices often create a lateral network pathway to valuable data.

A joint cybersecurity advisory was issued at the end of 2020 that underscores the severity of ransomware attacks on healthcare. There’s no reason to think that this threat against the healthcare industry will go away. NPR reports that there are seven ransomware attacks every hour, and a recent study reveals that 40% of new ransomware variants are designed to steal data. That’s up from just one of these variants in 2019.

Barracuda provides security and data protection solutions that protect healthcare organizations from ransomware and other attacks. Visit our website for more information on our ransomware protection.

Scroll to top