The San Diego healthcare provider is notifying 147,267 people to let them know that some of their patient info was acquired by the ransomware attackers.
Scripps confirmed that the attack that crippled the system's operations last month also impacts patient records. While the full scope of the data breach is still being investigated, they issued a statement on Tuesday which said "unauthorized person" gained access to Scripps' network and while the individual did not access Epic, Scripps' electronic medical record application, "health information and personal financial information was acquired through other documents stored on our network."
They referred to the investigation as "a time-intensive process that will likely take several months, but we will notify affected individuals and entities as quickly as possible in accordance with applicable regulatory requirements."
Scripps Health has set up a dedicated call center for anyone who has questions about the data breach. It is open weekdays from 6:00am to 6:00pm at 855-535-1822
"Maintaining the confidentiality and security of our patients' information is something we take very seriously, and we sincerely regret the concern this has caused our patients and community," Scripps' statement read. "It is unfortunate that many health care organizations are confronting the impacts of an evolving cyber threat landscape. For our part, Scripps is continuing to implement enhancements to our information security, systems, and monitoring capabilities. We also continue to work closely with federal law enforcement to assist their ongoing investigation."
Photo Credit: Walleigh~commonswiki