Is this a cautionary tale for the industry or a call to action?
Scripps Health's Epic EHR system and online patient portal were restored May 27, nearly four weeks after a ransomware attack knocked the San Diego-based health system's network offline, The San Diego-Union Tribune reported.
A Scripps nurse told the Tribune that the EHR returned to service at 4 a.m. on May 27. Scripps regained read-only access to Epic last week, which let staff look up past test results, clinician notes and other records created before the May 1 attack.
Scripps said it is unsure whether any patient data was affected by the incident and that it will notify any affected individuals if their data was exposed once the investigation ends.
They gained access, they likely had access over an extended period of time and they got to the crown jewels, the EHR. The security posture was not what they thought it was, architecture was not as well thought out as we needed it to be, and the resilience of technology platforms was easily compromised. 4 weeks is not on anyones RTO - Recovery Time Objective.
What did we learn? How are we talking about this around healthcare?