Scripps Health’s Network Hit by Ransomware Attack
The Giant Healthcare Provider Was Hit Saturday In an Attack That Pressured It to Restrict Patient Access to Online Portals, Divert Critical Care Patients.
Last weekend, a ransomware attack on Scripps Health’s computer network significantly thwarted care, forcing the healthcare provider to block patient access to its online portal, postpone consultations, and transfer critical care patients to other hospitals.
Image Source: Facebook
On Monday, Scripps Health had one of its media representatives send out a statement from what appeared to be a personal Gmail account, NBC San Diego reports:
As Scripps Health continues to address the cyberattack from this past weekend, our facilities remain open for patient care, including our hospitals, emergency departments, urgent care centers, Scripps HealthExpress locations, and other outpatient facilities. Our technical teams and vendor partners are working tirelessly to resolve issues related to the cyberattack as quickly as possible.
Scripps Health initially downplayed the intrusion, an internal memo obtained by The San Diego Union-Tribune stated that information systems at two of Scripps’ four main hospitals were compromised, including backup servers in Arizona.
Electronic medical records were down, forcing medical personnel to use paper records, and also affecting “telemetry at most sites.” Telemetry is the electronic monitoring of patient vital signs, a critical function that has long been automated at modern hospitals but one that can be performed manually if necessary.
Ransomware attacks generally use malicious software to encrypt critical digital records, demanding a cash payment, usually in the cryptocurrency bitcoin, in order to unlock resources.
The hospital system’s outpatient urgent care centers, its Scripps HealthExpress locations, and all its emergency departments are open and accepting patients.
The statement said the hospital system has notified “law enforcement and appropriate government organizations” about the cyberattack while it works to get the system back up and running.
Hospitals have become perennial targets of cyberattacks, including SalusCare, New Hampshire Hospital, and Atascadero State Hospital.
On average, healthcare providers lose almost 7% of their customers after a data breach or cyberattack, which is the highest when compared to other industries.
The acting deputy attorney general John Carlin wrote in a staff memo that
Ransomware can have devastating human and financial consequences. When criminals target critical infrastructure such as hospitals, utilities, and municipal networks, their activity jeopardizes the safety and health of Americans.
As a result, last month, the Department of Justice announced it was launching a task force along with the FBI and the Executive Office of US Attorneys to deal with the growing problem of ransomware attacks that have impeded hospital operations, led to the temporary closure of school classes and caused other chaos nationwide.
According to the DOJ, last year was the worst to date in terms of the economic toll, with ransom demands to victims averaging over $100,000 and, in some cases, summing tens of millions of dollars.