Ransomware Attack Disrupts Scripps Health

A ransomware attack against Scripps Health in San Diego over the weekend underscores the potentially dangerous impact cyberattacks can have on health care providers.

“Showing just how low cybercriminals will go, the attack on a major healthcare facility like Scripps highlights the dark side of ransomware, disturbingly putting lives at risk,” said Edgard Capdevielle, CEO at Nozomi Networks. “The truly sad reality is no one is immune from ransomware, and, like good medicine, the best defense is prevention.”

Scripps Health initially soft-pedaled the attack, the San Diego Tribune reported after viewing an internal memo. But the reality was much, much worse. The health system was forced into EHR downtime with some critical care patients redirected to other medical facilities after two of its four main hospitals and its backup servers, located in Arizona, were disrupted in the attack.

The system also was forced to take its MyScripps patient portal offline and medical imaging was down in the aftermath. Telemetry monitoring was also affected, forcing providers to rely on paper records. That’s right, paper.

The health system didn’t provide details of the attack, saying only that its technology servers were hacked – experts’ best guesses are that the attack was the result of a phishing campaign; perhaps, in particular, spear-phishing. But four days later, the disruption continued and the company couldn’t say for sure if personal information had been compromised. NBC San Diego reported that Scripps, responding to a patient’s online query, said, “We are still in the process of assessing the extent of this attack. If any patients’ information was compromised, we will be reaching out to them.”

As of Tuesday night, Scripps.org was still offline.

“As health care workers take on such a critical role in the pandemic and vaccine rollout, hospitals and health care providers need to ensure security in every aspect of their employees’ work to prevent cyberattacks,” said Jerome Becquart, COO of Axiad.

That includes, he said, adopting multifactor authentication, safeguarding against phishing, shoring up passwords that have been created for convenience and, in the case of health care workers, used many times throughout a shift.

“The less time health care employees spend logging in and out of systems, resetting passwords, or dealing with credential issues, the more time they can spend on their critical work,” he explained.

Still, “the truly sad reality is no one is immune from ransomware, and, like good medicine, the best defense is prevention,” said Capdevielle.

Even sadder: “The health care industry is notorious for underspending on IT, and malicious actors know the data they can glean from a health care hack is especially lucrative on the dark market,” said Alexa Slinger, identity management expert, OneLogin. The folly of underspending was exacerbated by health care’s rapid acceleration of digital transformation efforts once the pandemic struck.

“Oftentimes, health care facilities are using outdated legacy infrastructure and unpatched hardware and software systems, which make them easy targets for hackers seeking valuable patient records and research data,” Slinger said. “In addition, health care systems are often highly connected, meaning that when a breach does impact one part of the system, it has the potential to bring down the whole system.”

It’s imperative, then, that “healthcare organizations must factor the probability of ransomware attacks into their incident response (IR) and business continuity plans,” said Capdevielle. “This includes training staff on the threat and the techniques cybercriminals will use to get into systems, and carrying continuous security monitoring across IT and OT networks to identify malicious activity or vulnerabilities that cybercriminals could exploit.”

Beyond a technical response, he said, “decision makers need to be prepared to weigh the risks and consequences of alternate actions.”

Teri Robinson

From the time she was 10 years old and her father gave her an electric typewriter for Christmas, Teri Robinson knew she wanted to be a writer. What she didn’t know is how the path from graduate school at LSU, where she earned a master’s degree in journalism, would lead her on a decades-long journey from her native Louisiana to Washington, D.C. and eventually to New York City where she established a thriving practice as a writer, editor, content specialist and consultant, covering cybersecurity, business and technology, finance, regulatory, policy and customer service, among other topics; contributed to a book on the first year of motherhood; penned award-winning screenplays; and filmed a series of short movies. Most recently, as the executive editor of SC Media, Teri helped transform a 30-year-old, well-respected brand into a digital powerhouse that delivers thought leadership, high-impact journalism and the most relevant, actionable information to an audience of cybersecurity professionals, policymakers and practitioners.
