San Diego-based Scripps Health said Tuesday it is alerting an estimated 147,267 patients whose data was stolen by hackers in last month’s ransomware attack.
A ransomware attack on Scripps ’information systems in early May led the health system to take a portion of its network offline, disrupting access to the health system’s electronic health record system and other applications for several weeks. Scripps’ ongoing investigation into the incident has revealed that hackers who accessed the network stole copies of some documents.
According to Scripps, the stolen documents of the violation contain health information and financial information of some patients. Less than 2.5% – nearly 3,700 – of patients had stolen social security or driver’s license numbers; Scripps will provide free credit monitoring and identity protection services to those patients.
The hackers did not have access to Scripps ’EHR, according to the health system.
Scripps continues to investigate the incident, including the manual review of documents that officials believe were stolen by hackers to determine which patients had data involved in the incident – in a “time-intensive process that will likely take several months.” , according to the health system. He will continue to alert patients as he learns if more people have had data exposed in the cyberattack.
“We have started sending notification letters by post to about 147 267 individuals so that they can take measures to protect their information,” says a statement from the health system. “The investigation is ongoing, and we don’t even know the content of the rest of the documents we believe are involved.”
So far, Scripps has said there is no evidence to suggest that the stolen data was used to commit fraud.
Scripps on May 1 experienced a “disruption” to its IT systems, which was widely linked to the ransomware discovered on the health system’s computer network. Scripps has brought its EHR and online patient portal last week, and Scripps Tuesday said it continued to restore other systems from back-up versions.
Scripps said he used computer consulting and forensic firms to assist in his investigation and that he is “working hard” enforcing federal law.
Rape in Scripps comes as a The American Hospital Association calls the US government to play a major role in responding to ransomware attacks against the healthcare industry.
“It is unfortunate that many healthcare organizations are facing the impacts of an evolving IT threat landscape,” the Scripps statement says. “Maintaining the confidentiality and security of our patients’ information is something we take very seriously, and we sincerely regret the concern this has caused to our patients and the community.”