[BreachExchange] Cyberattack forces Scripps Health to go offline, disrupts patient care

Destry Winant destry at riskbasedsecurity.com
Thu May 6 10:48:07 EDT 2021


https://www.fiercehealthcare.com/tech/scripps-health-struggles-to-restore-systems-after-hit-cyber-attack

San Diego-based Scripps Health is struggling to restore its IT systems
after a cyberattack May 1 that has significantly disrupted care, impacted
email servers and forced medical personnel to use paper records.

Some critical care patients were diverted and the online patient portal was
taken offline, The San Diego Union-Tribune reported.

Scripps Health operates five hospitals in the San Diego area.

In a statement emailed to Fierce Healthcare from a Scripps Health
spokesman, the health system said its facilities remain open for patient
care, including hospitals, emergency departments, urgent care centers,
Scripps HealthExpress locations and other outpatient facilities.

"Our technical teams and vendor partners are working tirelessly to resolve
issues related to the cyber incident as quickly as possible," the statement
said.

Scripps Health did not specify the type of cyberattack and did not indicate
when it expects to have its systems back online. It's not clear at this
time whether the cyberattack impacted patients' health information.

In a tweet, the health system said, "We are still in the process of
assessing the extent of this attack. If any of our patients’ information
was compromised, we will be reaching out to them."

The health system said it is rescheduling some patients’ appointments and
is reaching out to patients to do so. Patients who have appointments
scheduled during the next several days and are unsure about their status
may call 1-800-SCRIPPS for more information.

According to The San Diego Union-Tribune, all four Scripps hospitals in
Encinitas, La Jolla, San Diego and Chula Vista were put on emergency bypass
for stroke and heart attack patients as a precautionary measure, meaning
patients with such life-threatening conditions are being diverted to other
medical centers where possible.

Monday, an employee with AMR, the city's ambulance provider, said Scripps
was only taking trauma transports and foot traffic at that time. All other
ambulance traffic to Scripps medical centers was being diverted to other
facilities, local news channel NBC San Diego reported.

Local media outlets are reporting the incident as a ransomware attack.

Scripps Health issued a statement on Twitter May 2 confirming an
"information technology security incident" that was detected late on May 1.

"As a result of this, we suspended user access to our information
technology applications related to operations at our health care
facilities, including MyScripps and http://scripps.org. While our
information technology applications are offline, patient care continues to
be delivered safely and effectively at our facilities, utilizing
established back-up processes, including offline documentation methods,"
the health system said in the statement.

As of Wednesday morning, the health system's website was still down.

While the health system said in its statement that it was continuing to
provide patient care, the fallout from the cyberattack has created
confusion for patients and their families, especially those who were
scheduled for appointments this week. On social media and internet forums
such as Reddit, patients sought out more information about procedures and
appointment cancellations.

The San Diego Union-Tribune reported that it obtained an internal memo from
the health system that indicated information systems at two of Scripps’
four main hospitals were infected, including backup servers in Arizona.

"A person familiar with the situation who asked to remain anonymous
confirmed many of the memo’s contents and said access to resources such as
medical imaging were also affected," reporters Greg Moran and Paul Sisson
with The San Diego Union-Tribune reported.

In a statement posted on Twitter, Scripps Health said the health system has
notified “law enforcement and appropriate government organizations” about
the cyberattack while it works to get the system back up and running.


Healthcare organizations have been plagued by an uptick in cyberattacks in
the past year as cybercriminals take advantage of the COVID-19 pandemic and
disrupt operations at hospitals across the country.

Attacks on healthcare entities worldwide jumped 45% from November 2020 to
January 2021, more than double the overall increase in cyberattacks across
all industry sectors worldwide seen during the same time, according to a
report from Check Point Software.

"The recent attack on Scripps Health further underscores the need for
improved security among healthcare providers," said Motti Sorani, chief
technology officer at medical device security firm CyberMDX.

"Unlike other fields such as banking, where the greatest damage is
financial or a hit to the reputation, lack of proper cybersecurity
protocols in healthcare can endanger lives and prevent critical medical
devices from functioning when they are needed. So far we have been lucky,
but it's only a matter of time before a hacker, either intentionally or
accidentally, disrupts a lifesaving device with a patient on the other
end," Sorani said.