What to Know
- The California Department of Public health calls the cyberattack “ransomware attacks”
- Scripps did not provide any information on how the cyberattack occurred but later determined that the outage was due to a security incident involving malware on its computer networks
- The cyberattack caused rescheduled appointments, affected Scripps email servers, and suspended access to patient portals and other tech applications
One of San Diego’s main health care systems, Scripps Health, had its technology servers hacked on May 1 in what has been deemed a ransomware attack by the California Department of Public Health (CDPH).
And, although the incident has disrupted access to patient information, affected the ability of health care workers to do their jobs and led to a lack of communication with patients, Scripps Health has provided little details about the cyberattack.
Patients who have appointments scheduled in the coming days can call 1-800-SCRIPPS for more information about their appointment status.
The local health-care provider, operates five hospitals in San Diego, along with a series of clinics.
Here’s what happened in the last week, what we know and what we don’t know:
May 2, 2021
Scripps Health first confirmed on Sunday that their technology servers were hacked overnight forcing the health care system to switch to offline chart systems and causing a disruption to their patient portals.
Scripps did not provide any information on how the cyberattack occurred or state exactly what systems were affected by the breach.
The health care system said they suspended access to their patient portals and other “technology applications related to our operations at our health care facilities,” but stressed that patient care continues using “established back-up processes, including offline documentation methods.”
The San Diego County Office of Emergency Services (OES) said ambulances were being diverted from Scripps’ facilities to other hospitals in the area but that it was a precautionary measure.
As of May 5, the county had stopped adjusting its routing of ambulances to hospitals, according to a county spokesperson.
OES officials said Sunday that its cybersecurity professionals were investigating the cyber attack.
Scripps said that outpatient urgent care centers, Scripps HealthExpress locations and their emergency departments remain open for care.
Scripps Health confirmed Sunday their technology servers were hacked overnight.
May 3, 2021
A spokesman for Scripps declined to comment Monday when asked whether the incident was a case of ransomware, in which malicious code is introduced to a computer system, rendering it inoperable until a ransom is paid.
On Monday afternoon, the heath-care provider had one of its media representatives send out the following statement from what appeared to be a personal Gmail account:
“As Scripps Health continues to address the cyberattack from this past weekend, our facilities remain open for patient care, including our hospitals, emergency departments, urgent care centers, Scripps HealthExpress locations, and other outpatient facilities. Our technical teams and vendor partners are working tirelessly to resolve issues related to the cyberattack as quickly as possible.“
Scripps also said the cyberattack had prompted some patients to reschedule appointments and would be contacting them to do so. It’s not clear how that contact would be made, since it appeared Scripps’ email servers were affected by the outage. Patients who had appointments in “the next several days” can call 800-SCRIPPS for more information.
On Monday afternoon, the heath-care provider had one of its media representatives send a statement from what appeared to be a personal Gmail account, reports NBC 7’s Dana Griffin.
May 4, 2021
On Tuesday, NBC 7 asked a spokesman from Scripps about the impact to patients and their personal information, but he declined to comment. On Monday, though, the healthcare provider said the cyberattack had prompted some patients to reschedule appointments and would be contacting them to do so. At the time, it was not clear how providers would be making contact with patients.
Poway patient Chris Sheridan told NBC 7 on Tuesday that he — like many others — learned they still had appointments by using Scripps Facebook account.
Sheridan was recovering at home after a two-hour shoulder surgery Monday at Scripps Carmel Valley. He went in with some concerns but said he got the same level of care he expected before the cyberattack.
“I was worried going in that something was going to be different,” Sheridan said. “I was very happy to have my shoulder surgery go on as planned.”
Sheridan contacted his healthcare providers via Facebook’s Instant Messenger app.
“They got back to me saying to keep my scheduled time unless I was otherwise told,” Sheridan said.
Scripps Health officials are not answering specific questions about Saturday’s cyberattack, but someone is responding to patients’ questions via Scripps Facebook account, reports NBC 7’s Dana Griffin.
May 5, 2021
NBC 7 learned the Scripps Health cyberattack is prolonging care for patients, including a much-needed surgery for a woman with a rare disease.
Two months ago, Jonaliza Monforte, 21, was diagnosed with moyamoya disease — a rare condition that restricts blood flow to the brain because of narrowed vessels. It can put people at risk for a stroke.
“Nobody can really tell how fast my progression is,” Monforte said. “I was told that I’m needing the surgery soon.”
Monforte is a Scripps patient but needs surgery from a specialist at Stanford University.
But here’s the problem: Saturday’s cyberattack forced Scripps Health offline and Monforte said she can’t get her medical records and images sent to Stanford, which is prolonging her surgery.
She said she can’t get answers from Scripps when she calls.
“Every time I would call they would just tell me that their system is still down and to keep calling every day.”
Scripps Health sent out the following statement via what appeared to be an employee’s personal Gmail account:
On May 1, Scripps Health began experiencing a network outage that resulted in a disruption to our IT systems at our hospitals and facilities. Upon discovering the outage, we immediately initiated an investigation and took steps to contain the outage, including by taking a significant portion of our network offline as a proactive security measure. An independent cybersecurity firm was engaged to assist in our investigation and restoration efforts. While the investigation is ongoing and in the early stages, we have determined that the outage was due to a security incident involving malware on our computer networks. Scripps technical teams are working 24/7 to restore our systems as quickly and safely as possible, and in a manner that prioritizes our ability to provide patient care.
While this incident has resulted in operational disruptions at our hospitals and facilities, our clinical staff is trained to provide care in these types of situations, and are committed to doing so. Scripps Health physicians, nurses and staff are implementing workarounds to mitigate any disruptions and provide uninterrupted care to our patients.
As a result of this incident, we need to reschedule some patients’ appointments and are reaching out to them to do so. Patients who have appointments scheduled during the next several days and are unsure about their status may call 1-800-SCRIPPS for more information.
NBC 7’s Dana Griffin spoke to a patient whose wait for surgery has been extended by the cyberattack.
May 6, 2021
Two of San Diego County’s biggest health care providers say they’re seeing an increase in patients because of a cyberattack that sent the Scripps Health network offline.
Scripps has not confirmed whether or not the cyberattack has slowed patient intake, but both UC San Diego Health and Sharp Healthcare say they’re now seeing an increase in patients as a result of the attack.
“As recent events at Scripps Health illustrate, health care systems continue to be prime targets for cyberattacks,” read a statement by Jeanna Vazquez of UC San Diego Health sent to NBC 7. That statement continued, “while Scripps Health continues to assess and remedy the situation, ramifications are being experienced across the region.”
“UC San Diego Health has seen an increase in patients coming to our facilities, especially to the emergency departments at UC San Diego Health Medical Center in Hillcrest and Jacobs Medical Center in La Jolla,” Vazquez’s statement added. “In response, we have increased staff where needed and have coordinated patient overflow areas as necessary to accommodate the additional volume — all while ensuring patients are cared for safely and at the highest standards.”
A spokesman for Sharp Healthcare also said emergency department patient volume at Sharp’s hospitals has increased in recent days.
“Since emergency rooms have been on bypass, we are seeing increased volumes at our [Emergency Department]s over the past few days.” spokesperson John Cihomsky said.
Neither UC San Diego Health or Sharp Healthcare were able to provide specific numbers related to their respective patient increases.
A spokesperson for both Alvarado and Paradise Valley hospitals said while neither of the hospitals have seen a “sizable increase in patients at either hospital,” it was still too soon for any trend to become apparent.
Representatives for both Kaiser Permanente in San Diego as well as Palomar Health said their respective healthcare systems have not seen an increase in patients since the cyberattack on Scripps Health.
NBC 7’s Dana Griffin continues to follow the Scripps cyberattack, which was affecting Scripp’s data systems for the sixth day.
NBC 7 spoke with a nurse who asked to remain anonymous. She said it was frantic inside her Scripps Health facility. She said nurses were crying and feeling uncomfortable, and that some believed Scripps was downplaying the impacts of the outage.
The nurse added that doctors can cancel elective procedures, especially when they don’t have a patient’s history. She said doing so would be for the patient’s own safety. She’s more concerned, though — because nurses can’t look information up online — about people having heart attacks or strokes, and those who can’t speak for themselves and don’t know their medical history.
NBC 7 asked a Scripps Health spokesman again on Thursday to provide more info about the malware that had infected their technology systems and when the health system expects to be back online. The spokesman declined to comment.
On Friday, the California Department of Public Health (CDPH) described the ongoing situation at Scripps Heath as a case of “ransomware attacks.”
Ransomware typically works by introducing software that encrypts a user’s data and holds the decryption key until the ransom is paid. Once that happens, a typical recourse is to reformat and restore the system from backups, an SDSU cyber warfare and cyber terrorism expert Steven Andrés told NBC 7 in 2018.
Scripps described what was happening as “a network outage that resulted in a disruption to our IT systems.” On Friday, however, an official with the California Department of Public Health sent NBC 7 the following statement:
“The ransomware attacks were reported to the department. As required by state and federal law, hospitals are required to provide proper patient care at all times, including in any emergency situation. CDPH is actively monitoring the hospitals impacted. These hospitals are operational and caring for patients using appropriate emergency protocols in inpatient areas of the hospital. The department has authority to involuntarily suspend facility licenses in extreme circumstances that pose immediate risk to patient safety. Facilities reliance on emergency protocols does not automatically warrant such action.“
It’s unknown at this time who is behind the ransomware attack or how much money they are seeking in the ransom. The CDPH referred NBC 7 to Scripps for more details. Later on Friday afternoon, NBC 7 received the following statement from a Scripps Health spokesman:
“… the investigation is ongoing. To date, our investigation has determined that the outage was due to a security incident that involved malware on our computer networks. So as not to compromise the integrity of the ongoing investigation and to maintain our focus on providing the highest level of patient care, we are not able to provide additional details at this time.”
NBC 7 heard from a patient who needed care while the attack was affecting the network’s system, and from a cyber security expert about the scope of the attack.
At least three Scripps employees tell NBC 7, not only have their hours have been cut because of postponed procedures, but now they’ve been told they’ll have to use their vacation time, or not get paid at all for the cut hours.
Many of the health care workers, who are non-union employees are still reeling from long hours working with COVID-19 patients.
“Scripps should cover our lost wages during this time. They should be covering it and not expect nurses to dip into their PTO (personal time off) when we’ve just come out of Covid and we need our vacation time,” said one health care worker who requested anonymity for fear of repercussion.
Scripps Health did not respond to this specific issue, only referring NBC 7 to a statement issued earlier this week that acknowledges the cyber-attack.
Scripps Health is not the first major entity in San Diego to be hit by a ransomware attack. In September 2018, cyber-crooks hit the Port of San Diego. Hackers breached the Port’s information technology systems and demanded payment in Bitcoin, the agency said, though the amount was not disclosed.