Menu
Browse

Cyber Threat Actor: Scripps Hackers

Actor Type Location Known Incidents
 Icon
Hacker
United States of America
1 incident
Profile

Threat Actor Profile: Scripps Hackers

Overview

The Scripps Hackers are a threat actor group responsible for the 2021 ransomware attack on Scripps Health, a nonprofit healthcare provider in San Diego, California. The group's actions resulted in significant disruptions to patient care services, highlighting the attractiveness of healthcare providers as targets for ransomware gangs.

Motivations and Goals

The primary motivation of the Scripps Hackers appears to be financial gain through ransom demands. The group's attack on Scripps Health was likely driven by the desire to exploit the organization's sensitive data and critical services, which are essential to the provision of healthcare.

Tactics, Techniques, and Procedures (TTPs)

The Scripps Hackers employed ransomware in their attack on Scripps Health, which is a type of malware that encrypts a victim's files and demands payment in exchange for the decryption key. The group's TTPs likely involved:

1. Initial access: The group gained initial access to Scripps Health's network, potentially through phishing or exploitation of vulnerabilities.
2. Lateral movement: The group moved laterally within the network, compromising multiple systems and gaining access to sensitive data.
3. Ransomware deployment: The group deployed ransomware, encrypting files and disrupting critical services.
4. Ransom demand: The group demanded payment in exchange for the decryption key, likely in the form of cryptocurrency.

Targets and Victimology

The Scripps Hackers targeted Scripps Health, a nonprofit healthcare provider in San Diego, California. The group's attack highlights the attractiveness of healthcare providers as targets for ransomware gangs, due to their:

1. Sensitive data: Healthcare providers possess sensitive patient data, making them attractive targets for ransomware gangs.
2. Critical services: Healthcare providers offer critical services, which can be disrupted by ransomware attacks, making them more likely to pay ransom demands.

Attribution and Affiliations

There is currently no publicly available information on the attribution or affiliations of the Scripps Hackers. The group's identity and motivations remain unclear, and it is unknown whether they are affiliated with other threat actor groups.

Impact and Consequences

The Scripps Hackers' attack on Scripps Health had significant consequences, including:

1. Disrupted patient care services: The attack resulted in the suspension of user access to Scripps Health's online portal and the redirection of critical-care patients to other hospitals.
2. Financial impact: The attack likely resulted in significant financial losses for Scripps Health, including the cost of restoring systems and paying potential ransom demands.
3. Reputational damage: The attack damaged Scripps Health's reputation, highlighting the organization's vulnerability to cyber threats.

Mitigation and Recommendations

To mitigate the risk of similar attacks, healthcare providers should:

1. Implement robust cybersecurity measures, including regular software updates and patches.
2. Conduct regular security audits and risk assessments.
3. Develop incident response plans to quickly respond to ransomware attacks.
4. Provide employee training on cybersecurity best practices, including phishing awareness.

By understanding the TTPs and motivations of the Scripps Hackers, healthcare providers can better prepare themselves for potential ransomware attacks and reduce the risk of similar incidents.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources