Scripps Health is notifying more than 147,000 patients, staff and physicians that their personal data may have been compromised in a recent ransomware attack.

The San Diego-based healthcare group took most of its network offline and suspended access to several applications following a ransomware attack at the beginning of May. The attack caused a four-week disrupton with patient appointments’ having to be canceled or rescheduled.

Scripps announced on Tuesday that is had begun notifying 147,267 individuals that their health information and personal financial information may have exposed. 

Data compromised includes heath information, Social Security numbers, driver’s icense numbers, and financial information. 

In a letter sent to patients, Scripps stated that an investigation into the incident revealed that an unauthorised person had gained access to the healthcare provider’s network, and extracted copies of some documents before deploying ransomware.

Although no evidence had been found of the exposed data being used to commit fraud, Scripps has offered credit monitoring to those affected by the attack.

“We have kicked off an extensive manual review of those documents. This is a time-intensive process that will likely take several months, but we will notify affected individuals and entities as quickly as possible in accordance with applicable regulatory requirements,” the healthcare provider said.


PrivSec Global

Make sure to register to PrivSec Global now and tune into “Data Breaches: It Does Happen to Every Company, It Does Happen All The Time, and It Is a Big Deal.”

23 June at 3pm BST | 4pm CEST | 9pm HK

Speakers include:

  • Carter Schoenberg, VP Cybersecurity and Chief Cybersecurity Officer, SoundWay Consulting Inc
  • Jennifer Beckage, Founder, Esq., CIPP/US, CIPP/E, Beckage
  • Victoria van Roosmalen, CISO/DPO, Coosto
  • Rebecca Perry, CIPP US/G, Director of Strategic Partnerships, Exterro

Register now