San Diego, California-based Scripps Health announced Tuesday, June 1, 2021, that it is currently in the process of notifying affected users of a ransomware incident that happened late in April 2021. Approximately 147,000 people have reportedly been affected by the cybersecurity incident.
Scripps Health is a nonprofit healthcare provider based in San Diego. In total, Bleeping Computer states the healthcare provider operates five hospitals and 19 outpost facilities, with the company employing more than 3,000 affiliate doctors.
It supposedly sees over 700,000 patients year after year, making it the second-largest medical provider in San Diego, notes The San Diego Union-Tribune.
In an updated report released to the public on Tuesday, Scripps Health said that they have “determined that an unauthorized person did gain access to our network, deployed malware, and, on April 29, 2021, acquired copies of some documents on our systems.”
“By May 10, 2021, we were able to access a limited number of documents involved in the incident and, after a thorough review, determined that some of those documents contained certain patient information,” continued the statement.
Among the compromised information of patients include their personal details, such as their names, dates of birth, addresses, health insurance information, patient account numbers, and medical records. In addition to these, clinical information which pertained to the patients’ physician’s name, date of service, and treatment information was also compromised in the attack.
Meanwhile, The San Diego Union-Tribune also reported that less than 2.5% of patients from Scripps Health have had their Social Security numbers and drivers’ license numbers compromised.
Although the hacker gained access to Scripps Health’s network, the company maintains that the attacker failed to infiltrate the main electronic medical record application of the firm called Epic.
Following the incident, the healthcare provider launched an investigation to further know more about the extent of the data breach. Moreover, it has also enlisted the help of third-party experts to gain insight into cybersecurity attacks in the fastest way possible.
The healthcare system will also be offering free credit monitoring services, as well as identity protection services, to individuals who may have had their Social Security numbers and or driver’s license numbers exposed.
Scripps Health has started notifying affected parties on the first of June, 2021 through the mail. In its statement, the company also apologized to the public saying, “Maintaining the confidentiality and security of our patients’ information is something Scripps takes very seriously. We deeply regret that this incident occurred and any concern this may cause.”