This Week Health: Newsroom artwork

Scripps EHR Back Online after 4 Weeks, What's Next?

This Week Health: Newsroom

English - June 01, 2021 15:00 - 6 minutes - 4.83 MB - ★★★★★ - 5 ratings
Medicine Health & Fitness Technology health it healthcare technology cio cmio interoperability news Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Transitions, A Great Time to Make a New Start
Next Episode: 9 Trends Shaping Work in 2021 and Beyond

Is this a cautionary tale for the industry or a call to action?

FTA
Scripps Health's Epic EHR system and online patient portal were restored May 27, nearly four weeks after a ransomware attack knocked the San Diego-based health system's network offline, The San Diego-Union Tribune reported.

A Scripps nurse told the Tribune that the EHR returned to service at 4 a.m. on May 27. Scripps regained read-only access to Epic last week, which let staff look up past test results, clinician notes and other records created before the May 1 attack.

Scripps said it is unsure whether any patient data was affected by the incident and that it will notify any affected individuals if their data was exposed once the investigation ends.

----

They gained access, they likely had access over an extended period of time and they got to the crown jewels, the EHR.  The security posture was not what they thought it was, architecture was not as well thought out as we needed it to be, and the resilience of technology platforms was easily compromised. 4 weeks is not on anyones RTO - Recovery Time Objective.

What did we learn? How are we talking about this around healthcare?

#healthcare #healthIT #cio #ciso #chime #himss #cybersecurity

https://www.beckershospitalreview.com/cybersecurity/scripps-ehr-back-online-nearly-4-weeks-after-ransomware-attack.html

Is this a cautionary tale for the industry or a call to action?

FTA
Scripps Health's Epic EHR system and online patient portal were restored May 27, nearly four weeks after a ransomware attack knocked the San Diego-based health system's network offline, The San Diego-Union Tribune reported.

A Scripps nurse told the Tribune that the EHR returned to service at 4 a.m. on May 27. Scripps regained read-only access to Epic last week, which let staff look up past test results, clinician notes and other records created before the May 1 attack.

Scripps said it is unsure whether any patient data was affected by the incident and that it will notify any affected individuals if their data was exposed once the investigation ends.

----

They gained access, they likely had access over an extended period of time and they got to the crown jewels, the EHR.  The security posture was not what they thought it was, architecture was not as well thought out as we needed it to be, and the resilience of technology platforms was easily compromised. 4 weeks is not on anyones RTO - Recovery Time Objective.

What did we learn? How are we talking about this around healthcare?

#healthcare #healthIT #cio #ciso #chime #himss #cybersecurity

https://www.beckershospitalreview.com/cybersecurity/scripps-ehr-back-online-nearly-4-weeks-after-ransomware-attack.html