Scripps Ransomware Attack

Scripps Health Ransomware Attack: Healthcare, the Biggest Target for Cybercriminals

There has been an unprecedented increase in cyberattacks targeting healthcare infrastructure over the last year. Hospitals and other healthcare facilities already grappling to deal with the Covid-19 crisis and relying on quick-fix telehealth solutions became a breeding ground for cyberattacks. There were 92 ransomware attacks that impacted more than 600 healthcare facilities, exposing 18 million patient records and costing more than $20 billion in 2020. The massive Blackbaud attack alone compromised more than 3.4 million patient records from over 80 organizations dealing with health data. The threat landscape surrounding healthcare in 2021 doesn’t seem to be much forgiving either.

Scripps Ransomware Attack: What Happened?

On May 1, a ransomware attack forced management at Scripps Health, based in San Diego, California, to suspend user access to its IT systems and applications. Crucial components of health services including the Electronic Health Record website, telemetry data, and patient portal remained inaccessible for weeks after the attack.

The ransomware attack had the Scripps staff resort to EHR downtime procedures. Providers shifted to pen and paper for maintaining records and several much-needed consultations, medical procedures and surgeries had to be postponed. Critical care patients had to be shifted to nearby hospitals, putting immense pressure on local healthcare sites to deal with such a sudden influx of patients. Scripps also joined hands with LabCorp and Quest Diagnostics in order to provide lab services during the outage.

Authorities at Scripps Health have been rather silent about the details of the cyberattack as the investigations are ongoing. But the attack seems to be reminiscent of last year’s ransomware attack at the UHS that resulted in EHR outages at all 400 UHS’ care sites. The little information provided by Scripps Health CEO and president Chris Van Gorder suggests that Scripps is working alongside law enforcement agencies and a third-party cybersecurity firm to investigate the attack and put things back on track. Talks between the Scripps administration and the hackers for a possible way out are also underway.

As per the latest reports, employees have regained access to certain features including patient records, emails, the emergency response communication tool, and payroll. Scripps.org is partially recovered and certain features are up and running, as suggested by the tweet from Scripps on the 20th of May. However, the patient portal is still down three weeks after the attack.

Cyberattacks will Keep Getting Bolder

In recent years, loopholes in critical infrastructure OT and IT systems have been efficiently
manipulated by hackers, posing serious menaces to all sectors. Neither government institutions nor private organizations are safe from the attacks of the cyberpunks, sponsored by nation-states in some instances. These attacks are often too sophisticated to prevent, detect and contain, Solar WInds hack being a prime example. And in many cases, organizations are left with no option but to cave in to the demands of cybercriminals.

Healthcare, despite being one of the biggest targets of cyber crimes, has grossly remained unprepared to deal with the lingering threats. This lack of cybersecurity initiatives and the belief that paying the ransom can be an easy way out, especially with cyber liability insurance, just adds to the issue as new ransomware variants become more nuanced and complicated.

Final Word

Sincere efforts are required to overcome the severity of this ever-growing hazard. Organizations can protect themselves from huge losses and widespread chaos by taking several small steps, such as careful assessment of third-party vendors, implementing multi-factor authentication, scheduling regular, off-site data backups, performing data encryption, and investing in SIEM tools. Now is the time to take state-sponsored masterminds and big game hunters seriously and allocate budget and resources for cybersecurity programs accordingly.