Cybersecurity and Medical Facilities

Yet another medical facility pwned

-Charles Parker

Medical facilities continue to be pwned by the attackers, week after week, month after month. The latest victim is Scripps Health. May 2, 2021 Scripps was the victim of an attack, which successfully breached its system. The method of malware being placed on the information system has not been published yet. The malware was not trivial, as the administrator was forced to suspend access to a large portion of the network. Scripps posted on Twitter (May 20th) that most of the functions of their website, scripps.org, were operational again. The other functions were still being worked on. One function still to be addressed was the patient portal, which as of May 20, was still offline. Scripps was still researching the breach as of the May 20 date and weren’t completely sure whether the patient data was affected. If this was, the organization would go through the standard notification process. With any institution, but especially those who are stewards of valuable data, cybersecurity can’t be ignored or placed in a situation of just checking the box. As the attacks continue to ramp up and become yet more common, breaches like this and much worse are going to continue.

About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.