fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Scripps Health Notifies Patients of Data Breach After Ransomware Attack

Scripps Health Notifies Patients of Data Breach After Ransomware Attack

Nonprofit healthcare provider, Scripps Health in San Diego, has disclosed a data breach exposing patient information after suffering a ransomware attack last month.

The healthcare provider has five hospitals and 19 outpost facilities with over 3,000 affiliate physicians. Every year, Scripps Health treats more than 700,000 patients.

On April 29th, Scripps Health suffered a cyberattack where threat actors deployed ransomware on their network and encrypt devices.

The attack caused the healthcare provider to suspend their IT systems, including public-facing portals, including MyScripps and scripps.org.

Due to the attack, hospitals in Encinitas, La Jolla, San Diego, and Chula Vista no longer received stroke or heart attack patients, which were diverted to other medical facilities.

Also Read: The DNC Registry Singapore: 5 Things You Must Know

Hackers stole patient data during the attack

On Tuesday, Scripps Health released an updated report on the attack and says that threat actors stole patient data during the attack.

“The investigation is ongoing, but we determined that an unauthorized person did gain access to our network, deployed malware, and, on April 29, 2021, acquired copies of some of the documents on our systems,” said an updated Scripps Health security incident notice.

“By May 10, 2021, we were able to access a limited number of documents involved in the incident and, after a thorough review, determined that some of those documents contained certain patient information.”

“As the investigation is ongoing, we do not yet know the content of the remainder of documents we believe are involved, though we are working with third party experts to determine those facts as quickly as possible.”

When ransomware operations breach an organization, they will first silently spread throughout the network while stealing files and data. Once they gain access to a Windows admin account and the domain controller, they deploy the ransomware to encrypt devices.

The ransomware gangs then use the stolen data as leverage by saying they will release the stolen data on data leak sites if the victim does not pay the ransom.

After investigating the stolen data, Scripps Health determined that the attackers stole personal information for certain patients.

“For certain patients, this information included one or more of their names, addresses, dates of birth, health insurance information, medical record numbers, patient account numbers, and/or clinical information, such as physician name, date(s) of service, and/or treatment information,” warns Scripps Health.

“For less than 2.5% of patients, Social Security numbers and drivers’ license numbers were also affected.”

“Importantly, this incident did not result in unauthorized access to Scripps’ electronic medical record application, Epic. However, health information and personal financial information was acquired through other documents stored on our network.”

For those patients whose data was exposed, Scripps Health has begun mailing notification letters on June 1st, 2021.

If the attack exposed a patient’s Social Security or driver’s license numbers, the healthcare provider also provides a free one-year subscription to credit monitoring and identity protection services.

Also Read: How to Comply with PDPA: A Checklist for Businesses

It is unknown which ransomware operation conducted the attack, and none of the stolen data has been publicly released at this time.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us