Reports: Ransomware Attack Continues to Disrupt Scripps Health | Healthcare Innovation

The San Diego-based Scripps Health is still trying to put the pieces together and organize critical patient data following a ransomware attack over the weekend that hacked the health system’s technology servers, according to multiple media reports.

The Scripps Health system includes four main hospitals, several outpatient facilities, and treats about a half-million patients annually. According to one May 3 report from NBC San Diego, “Officials did not provide information on how the cyberattack occurred, nor did they share what systems were affected by the breach. A spokesman for Scripps declined to comment Monday when asked whether the incident was a case of ransomware…”

A separate report in The San Diego Union-Tribune noted that while Scripps did not confirm the attack was ransomware, the outlet “obtained an internal memo that implicates that particular attack vector which also, apparently, affected Scripps’ backup servers in Arizona.”

NBC San Diego did obtain an email from one of the provider’s media representatives that noted Scripps Health is addressing the cyberattack from this past weekend, and in the meantime, its facilities remain open for patient care.  Scripps also said the cyberattack had prompted some patients to reschedule appointments and would be contacting them to do so, according to NBC San Diego.

The Union-Tribune did report that the cybersecurity incident “forced the health system’s four main hospitals to switch to paper records for their existing patients even as serious emergencies including trauma, heart attacks and strokes, were diverted to other hospitals.”

Notably, the Scripps.org website was still down as of early Tuesday afternoon.  

The report also stated that patients who had made appointments before the attack occurred this past weekend were left to filling out internet forms to seek further information. The Union-Tribune spoke to one patient who was scheduled for an esophageal diagnostic procedure and was supposed to receive the specific appointment information over the weekend via Scripps’ patient portal. But that system was down following the attack. “They couldn’t even look up basic information. They were obviously flabbergasted,” said the patient, who eventually got a call from Scripps saying his imaging and appointments involving X rays were cancelled, per the Union-Tribune report.

At the same time, the local outlet spoke to other patients—one whose mother was admitted to Scripps Memorial Hospital La Jolla Friday after experiencing dizziness and other heart-related symptoms, and another whose wife arrived in labor at Scripps Memorial Hospital Encinitas Sunday morning—both who said their experiences were mostly normal other than the IT outages.

Ransomware attacks continue to plague the healthcare industry, both from patient care and cost perspectives. Throughout last year, 92 individual ransomware attacks affected more than 600 separate clinics, hospitals, and organizations, and over 18 million patient records. The estimated cost of these attacks in total is nearly $21 billion, according to a recent analysis from security company Comparitech. Downtime varied from minimal impact due to frequent data backups to weeks or months of paper-only systems. One healthcare organization even lost all of the patient records involved in its attack, according to the analysis.