  • Healthcare Breach Letter Makes Ginger’s Tapdancing Look Like Amateur Night


        Scripps Hospitals/Health Systems Response To Ransomware Attack Makes One Patient Sicker

        A friend of mine who uses this hospital, and its doctors, labs, operating rooms, etc etc, got this cheery missive today, Saturday the 15th. I must say that the contents look, to me, one better than the “Friday Night Surprise”. Perhaps we could call it the “Saturday Morning Under-The-Volleyball-Net-Medicine-Ball-To-The-Gut”. In places it’s pure Monty Python. Here are a few happy excerpts:

        “Dear Valued Scripps Patient,

        “As you may have heard, Scripps Health experienced a cyber security incident (Did I hear “Ransomware?”) on May 1 that resulted in disruption to our IT systems at our hospitals and facilities. Now, as always, providing you with the care you need is our number one priority. (That’s twice, now, with the ‘priority’ bit. You’re sounding redundant.) We remain open and here for you. We are working around the clock to restore our systems and have in place back up processes so we can continue to serve you, so please don’t hesitate to come in for needed care.

        Translation: “Our Substandard IT Security Processes caught us with our pants down, and we didn’t even have backups. The systems are still down, but feel free and come in and have us work on you for public consumption. We are VERY open.”

        “What caused the Scripps network outage?”
        “In response to the cyber security incident (Incident? Did someone accidentally delete an X-Ray?) on May 1, our team immediately took steps to contain the malware by taking a significant portion of our network offline. We also immediately engaged outside consultants and experts to assist us in our investigation and other experts to help us restore our systems and get back online as soon as possible. ”

        Translation: “We had virtually no IT security in-house that could find its keister in a brightly lit room with both hands, so we had to pull the plug and yell for help.”

        “When will systems be restored?”
        “Providing the quality and continuity of care that our patients expect from us is our priority. (There’s that “P” word again.) We are continuing to work diligently to restore our systems as quickly and as safely as possible. This process is ongoing and will take time to complete. Unfortunately, we are not able to provide a specific timetable at this time.”

        Translation: “We’re totally borked, and so are you, and we don’t know when, if ever, we can get un-borked.”

        It goes on in this bright and snappy tone (in which the word “Ransomware” never appears) to conclude, at the last paragraph:

        “Has my personal data been compromised?
        “The investigation into the scope of the incident (‘Stop saying THE WORD!’*), including whether data was potentially affected, remains ongoing (Can you at least stop saying THAT “O” word too?). Depending on the investigation’s findings, we will be sure to provide notifications to affected individuals in accordance with all applicable laws. ”

        Translation: “We can’t comment on an ongoing investigation because the investigation is still ongoing, and will be ongoing until you forget the fact that your entire medical history, diagnoses, x-rays, scans, treatment, lab results, colonoscopies, doctor’s notes, etc, etc, have been severely compromised, and should form the basis for an interesting class action suit from all you wonderful patients soon.”

        I don’t know about you, but my friend is going to find another hospital and medical system.

        His search is, of course, ongoing, so I can’t comment on his ongoing investigation because….oh, you get it by now.

        *Homage to Monty Python

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
        --
        "Civilization is fun! Anyway, it sure keeps me busy["

        -Zippy

        2 users thanked author for this post.