California healthcare provider Scripps is currently informing more than 147,000 individuals that their personal data may have been exposed in a recent cyber-attack against the organizations. Scripps operates five hospitals in San Diego, along with other facilities. The organization took most of its network offline after discovering suspicious activity such as a ransomware infection in the first week of May. Scripps suspended access to several of its applications and services, including MyScripps and scripps.org. Although the network has been restored, the attack caused weeks of disruption and chaos for the nonprofit healthcare organization. Employees were forced to rely on offline documentation, patients’ appointments were canceled or rescheduled, and ambulances had to be diverted.
Scripps has recently found that sensitive information known as PII, personally identifiable information, was exposed in the attack. Scripps is now sifting through the process of mailing letters to each of its impacted patients. Before deploying ransomware, the security incident team had determined that the unauthorized party was able to gain access to Scripp’s network, exfiltrating copies of some documents. This resulted in a breach of patients’ health and financial information, with 2.5% of impacted users’ Social Security numbers exposed as well.
Read More: Scripps Notifying 147K People of Data Breach