Flippin' on Scripps | Another Week, Another Hack! Ransomware

Another Week, Another Hack! Ransomware – Flippin’ on Scripps

 

Flippin’ on Scripps: Today we have another installment of “Another Week, Another Hack,” and this time, the world-renowned Scripps Institute was the one who got hit.

Ransomware

Based in lovely San Diego, California, the Flippin’ on Flippin’ on Scripps Institute holds over 1000 patents, 9 FDA approved therapeutic drugs, and in May of 2021, one nasty ransomware attack.  Somewhere in the ballpark of 147,000 patient records including personal medical and financial data were compromised.  A good chunk of Scripps’ IT Systems were forced to go offline for several weeks and staff had to go back to paper records for the time being.

Scripps is estimating over 90 million in lost revenues due to the breach and another 20-million-plus in expenses in righting the ship.  No small chunk of change.

 

To further complicate matters, the compromised patients and their attorneys in this case are bringing no less than four class-action lawsuit against Flippin’ on Scripps.  Some early asks are about $4,000 per leaked record.  Now I’m no math wizard, but a quick calculation tells me that adds up to almost $600 million and that’s before the inevitable punitive damage claims come around.

That.  Hurts.  Bad.

So what happened exactly?  This is tough to say definitively because there’s been little released from Scripps, quite possibly due to the pending litigation. If you care to read the corporate statement, it’s in the notes below. https://www.nbcsandiego.com/news/local/what-we-know-about-scripps-health-cyberattack/2598969/

Now Scripps being a Medical Institution and bound under HIPAA compliance laws, a breach of this nature is particularly troublesome.  It’s tough to speculate as we have no idea what actually went down since Scripps ain’t talking, but clearly some of the guidelines were at the very least, loosely abided by. 

Enforcement of these rules are fairly lax, and the typical small provider isn’t likely to face a lot of scrutiny.  When it’s a big institution, and it’s public like this, those fines are right around the corner.  Plus if they claimed they were in compliance but the investigation shows they were not, those Cyber Insurance policies are not going to pay out either.

This is definitely a case where it would have paid to have been diligent ahead of time.  Once it’s all said and done, Scripps could be looking at upwards of a billion dollars in losses.  I can see a much stronger cyber security position in their future.  If something like this doesn’t get people to take action, I’m really not sure what will.

Well that wraps up this edition of Another Week, Another Hack.  Does this event get you to take cyber security a bit more seriously?  Let’s face it folks, it’s only a matter of when the next big breach happens, and now that you’re aware of what could be at stake, I’m sure you’ll take action to make sure it doesn’t happen to you!  I’d love to hear your thoughts in the comments below, please like and subscribe, and I’ll catch you on the next one!

Click here to schedule a free 15-minute meeting with Stan Kats, Founder and Chief Technologist.

STG IT Consulting Group proudly serves Greater Los Angeles and surrounding areas for all of your IT needs.

We look forward to meeting with you!

STG IT Consulting Group's Logo

Leave a Reply

Your email address will not be published. Required fields are marked *