Scripps Health, a non-profit health care provider in San Diego, recently suffered a ransomware attack that forced it to temporarily stop user access to its online portal and switch to other available options for patient care operations.
According to local media reports, Scripps Health detected the attack late on Saturday and quickly suspended user access to its applications like MyScripps and scripps.org. It also redirected critical-care patients to other health care facilities.
On Sunday, Scripps Health announced the cyber security incident via a post on Facebook. It said the ransomware attack took place on May 1, forcing it to suspended user access to IT applications related to operations at the health care facilities. Outpatient urgent care centre, Scripps HealthExpress locations, and Emergency Departments, however, remain operational.
“Some patient appointments scheduled for today and Monday, May 3, will need to be postponed as a result of this. We are working on how best to notify these patients about the need to reschedule. Our technical teams and vendor partners are working around the clock to resolve these issues as quickly as possible. We have notified law enforcement and the appropriate governmental organizations,” it said.
“Our technical teams and vendor partners are working around the clock to resolve these issues as quickly as possible. We have notified law enforcement and the appropriate governmental organizations.
“We want to reassure our patients that our physicians and employees are well-trained and thoroughly prepared to respond to this sort of situation so that we can continue to care for the community’s health care needs,” it added.
According to The San Diego Union-Tribune, the ransomware attack crippled Scripps Health’s electronic medical records system, forcing medical personnel to use paper records temporarily. The attack also affected the telemetry system used by medical facilities to electronically monitor patients’ vital signs.
The attack was critical enough to force all four Scripps hospitals in Encinitas, La Jolla, San Diego, and Chula Vista to transfer patients to other medical facilities. All trauma patients were also diverted from Scripps Mercy Hospital San Diego in Hillcrest and Scripps Memorial Hospital La Jolla.
Incidents of cyber criminals using various malware and ransomware variants to target healthcare organisations have been on the rise, especially after the pandemic imposed an enormous strain on healthcare facilities and care centres. In September last year, US hospital chain Universal Health Services, Inc., among the largest providers of hospital and healthcare services in the US, was forced to suspended user access to its IT applications after a cyber attack struck its systems.
A ransomware attack also disrupted operations at Germany-based Fresenius Group, Europe’s largest private hospital operator whose dialysis products and services were in huge demand in the middle of the COVID-19 pandemic. An employee at the hospital chain told Brian Krebs that “a cyber attack had affected every part of the company’s operations around the globe” and that the malware used in the operation was the dreaded Snake ransomware.
The attack took place shortly after the National Cyber Security Centre and the U.S. Department of Homeland Security issued a joint statement to warn about APT groups targeting organisations involved in both national and international COVID-19 responses, such as healthcare bodies, pharmaceutical companies, and medical research organisations.
Through the joint statement, the two authorities highlighted how APT groups were carrying out large-scale “password spraying” campaigns to gain access to accounts belonging to organisations involved in the coronavirus response- especially healthcare bodies and medical research organisations.
The primary motive of such APT groups is to collect bulk personal information, intellectual property and intelligence that aligns with national priorities. NCSC observed that “actors may seek to obtain intelligence on national and international healthcare policy or acquire sensitive data on COVID-19 related research”.