SAN DIEGO (KGTV) - Serious concerns have now been raised following this week's bombshell announcement from Scripps Health that personal information of nearly 150,000 patients was compromised during last month's crippling cyberattack.
Mike Hamilton with CI Security said on Wednesday that there are a few big questions. He asked, "Is there actual harm to the people whose records were disclosed or were they just used as leverage to get the ransom paid? Then, what's going to happen in terms of the inquiries into the executive behavior? In terms of resourcing security prior to this event?"
In a notice to patients on Tuesday, Scripps Health confirmed that an unauthorized person hacked its network and got copies of documents before deploying ransomware. The letter reads in part that health information and personal financial information was acquired.
Hamilton and other experts said that when it comes to potential identity theft, focus needs to be put not just on the breached financial data, but on the health data, too. "You can change a credit card number. You can't change your DNA," he added.
Expert Kira Caban with Protenus told ABC 10News, "That information is highly sensitive. There are some diagnoses that maybe you want to keep private [and] that you don't want out in the public and if someone can get a hold of that information and can do whatever they want with it, I think that [is] something that a patient should be concerned about."
She added that health information is highly valuable because it can't be changed. "[If] hackers in the Scripps incident got that information, they could sell it on the dark web and sell it for close to a thousand dollars per medical record," she stated.
Another security expert told ABC 10News that if patients are worried about comprised medical data, they should alert their health insurance provider about the cyberattack and monitor their insurance statements for fraudulent activity.
According to Scripps Health, at this point there is no indication that the data has been used to commit fraud.
The hospital network is offering free credit monitoring and identity protection support to the patients whose driver's license numbers and/or social security numbers were affected.
