Scripps Health expected to lose $106.8m following cybersecurity incident

Scripps Health claimed that it expects to lose around $106.8 million due to a ransomware attack experienced by the organization in May this year. Scripps Health, a California-based nonprofit healthcare provider, has five hospitals and 19 outpatient facilities running under its umbrella.

As a result of the incident, Scripps Health lost access to two hospitals’ information systems where their team couldn’t open the electronic medical record system. Along with this, the offsite backup servers were also affected.

Consequently, this led to re-routing and redirecting its patients to other hospitals. This attack took four weeks to recover. The company also stated that operating revenues and operating expenses for the quarter were impacted by lost revenues and additional expenses incurred during the cyber security incident. The major losses were due to revenues lost during the recovery phase of four weeks.

The healthcare specialist also lost $21.1 million in response and recovery. While the company claims to recover $5.9 million through insurance, it still expects to lose $106.8 million by the end of 2021.

The costs are likely to increase further. The health information of 147,267 patients is said to be compromised in the attack, and so when the organization revealed about the stolen data of patients before encrypting their server, several patients filed lawsuits against them as they failed to protect the patients’ critical data. So the estimate is yet to be done. It is also worthy to note that the losses expected do not include litigation costs.

The healthcare industry has been experiencing major attacks in the past too. There were many incidents reported besides Scripps Health. Ransomware gangs are getting more prompt in their practices, where other primary healthcare providers were also impacted. These include major market players such as Sanford Health and Memorial Health System.