Scripps Health, a healthcare organization based in San Diego, California, has become the latest victim of a ransomware attack. The organization is still unable to use patient portals, access patient records, and use email.
On May 2, 2021, Scripps Health's servers were hacked overnight in a ransomware attack. This affected two of the organization's hospitals and even backup servers in Arizona.
The ransomware attack has left Scripps Health with difficulty communicating with patients. Hackers rendered its email servers useless, and representatives had to use personal Gmail accounts to communicate with the media. The cyberattack also forced the suspension of patient portals. The Scripps Health website is also down more than a week after the attack. READ MORE: The Costs of Ransomware Attacks Initially, some appointments had to be rescheduled, but not all patients were able to receive confirmation of their appointment times. Due to the Scripps Health website being down, some patients used Facebook Messenger to contact the healthcare provider. So far patient data doesn't seem to be breached, but it may not stay that way if hackers deploy a double extortion attack.
A media representative seemingly using a personal Gmail account released the following statement:
Upon discovering the outage, we immediately initiated an investigation and took steps to contain the outage, including by taking a significant portion of our network offline as a proactive security measure. An independent cybersecurity firm was engaged to assist in our investigation and restoration efforts . . . Scripps technical teams are working 24/7 to restore our systems as quickly and safely as possible, and in a manner that prioritizes our ability to provide patient care.
While it's not clear what caused the ransomware to enter Scripps Health's network, one of the most common methods that hackers use is phishing emails. An employee mistaking a malicious email to be legitimate is one click away to release ransomware onto your network.
READ MORE: Hacking and Human Error: Two Enemies of HIPAA Compliance
That's why employee training is essential to ensuring that employees are prepared to recognize phishing emails and report them to IT. More importantly, you need to build a defense system that blocks cyberattacks and mitigates human error.
Paubox Email Suite Plus is the solution to protect your network and prevent cyberattacks. Our robust inbound security tools stop threats from even reaching a user's inbox. It also enables you to send HIPAA compliant email directly to a patient's inbox. Say goodbye to client portals and hello to easier communication with your patients.