Four weeks after taking its network offline, Scripps Health is still piecing its system back together. A ransomware attack left the healthcare organization struggling to function properly.
On May 1st, hackers began to infiltrate the Scripps Health network, and it was detected the next day. As a protective measure, a large part of the network was taken offline. But this led to extreme difficulty for hospitals to function. Employees couldn't even access electronic health records. Patient portals , email accounts, and the company website were down for several weeks. Not being able to communicate was frustrating for patients as they were unable to confirm or reschedule appointments. There were more questions than answers as Scripps Health stayed silent on the details of the attack.
What's the latest update on the Scripps Health ransomware attack?
Scripps Health spent nearly 4 weeks safely restoring its online network. "Our IT teams and outside consultants are literally working around the clock to restore our systems. Rest assured, we have thorough backups and are using them to help our restoration efforts. Even so, there is no 'easy button.'" said Chris Van Gorder, CEO and president, in a recent statement.
READ MORE: The Costs of Ransomware Attacks
Van Gorder confirms that a ransomware attack was the cause of the systems being taken offline. He also explained that Scripps Health purposefully didn't comment on the attack because "openly sharing the details of the work we have been doing puts Scripps at an increased risk of coming under further attack, and of not being able to restore our systems safely and as quickly as possible for you." By now most of Scripps Health's systems seem to be restored. The website is back online, the patient portal is working, and electronic health records can now be accessed.
Was patient data stolen?
At this time, there has been no confirmation that hackers were able to access protected health information (PHI). The investigation is still ongoing.
What can healthcare organizations do to prevent ransomware attacks?
While it's not clear how ransomware entered the Scripps Health network, it's obvious that healthcare organizations need to stay proactive in protecting their networks from unauthorized users. Consistently evaluating your network for vulnerabilities cannot be overlooked. One possible network vulnerability is email security. Sending HIPAA compliant email that also fights off security threats is possible with Paubox Email Suite Plus. All emails are automatically encrypted and are sent directly to your patient's inbox. Say goodbye to patient portals and login credentials. Paubox Email Suite Plus also includes robust inbound security tools to stop online threats from even entering your employees' inboxes. It's another layer of protection to stop ransomware attacks.