Lessons to Learn From Scripps

This past weekend the Scripps chain of hospitals in Southern California was hit with a ransomware attack. The attack successfully shut down their EHR, their patient portal, and their website. At this time the company is still in recovery mode and details are to be forthcoming.

What we do know, and this proves yet again, is we are all vulnerable to a ransomware attack. Scripps is a company that has long taken their cybersecurity seriously and they’ve invested the resources necessary to ensure they’re as protected as possible – and yet their systems still failed. 

The takeaway from this is if a company with all of the cyber-defense tools possible can still be taken offline, what does it say about you? If you think you’re too small, guess again, the number of small businesses being shut down from ransomware attacks is growing every day. And yes, by small I mean medical offices with fewer than 10 employees as well. The damage to data, infrastructure, and reputation has proven to be too much to overcome for many businesses, and often simply paying the ransom doesn’t solve the problem. Once that’s done, even if the crooks do provide the encryption key, you have the HIPAA issues to address. In all, it’s a messy place to find yourself in, and right now Scripps is in the middle of it. 

You may not be able to prevent an attack, but you can certainly reduce your risk. Having an independent company evaluate the security of your network is a big step in the right direction. Keeping your staff on the alert for suspicious emails and other phishing and vishing attempts will help as well, and the best way to do that is through regular training and sharing reminders like this with them. 

Finally, while being “HIPAA compliant” is important and will certainly help reduce potential penalties and fines, taking the extra measure of addressing your overall cybersecurity is just as important.

That’s what we do. Our mission with all of our clients is to help them protect their data. We use a number of tools to accomplish this, including taking them through our HIPAA compliance program. But we go further because we believe we have to.  Being HIPAA compliant does not make you cyber secure. Our process does. 

To avoid being shut out or shut down by a ransomware attack, call us today. 

If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.


For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for a weekly HIPAA Security Reminder to help stay compliant.