San Diego-based Scripps Health is notifying more than 147,000 individuals that their protected health information was exposed during a malware attack on its information systems last month, according to a June 1 KNSD report.
"We are beginning to mail notification letters to approximately 147,267 individuals so they can take steps to protect their information," Scripps wrote in a statement to the network.
Scripps discovered unusual network activity affecting some of its IT systems on May 1; after launching an investigation, the health system found that an unauthorized person gained access to its network and deployed malware. On April 29, the hacker stole copies of documents on Scripps' systems, which contained certain patient information, the health system said in a June 1 cyber incident update.
For certain patients, information exposed included names, addresses, birthdates, health insurance data, medical record numbers, patient account numbers and treatment details. Less than 2.5 percent of individuals' Social Security numbers and/or driver's license numbers were involved, and Scripps is providing these people with free credit monitoring and identity protection services.
Scripps took its information systems offline May 1 in response to the ransomware attack. During nearly one month of EHR downtime, the health system operated using established backup processes, including offline documentation methods. Scripps continued care at its outpatient urgent care centers, Scripps HealthExpress locations and all its emergency departments.