Over the weekend, Scripps Health confirmed a cyberattack affected many of their systems. As of Monday afternoon, their website was still down.
Scripps Health would not go into detail about the attack, only calling it an “information technology security incident.” Many patients’ appointments needed to be rescheduled due to what happened.
Team 10 also learned that the attack affected their trauma units. Patients had to be diverted to other hospitals over the weekend. UC San Diego Health was one of those hospitals.
“This is a nightmare scenario for any hospital or health system, so we offered to help in any way we could,” said Dr. Christopher Longhurst, the Chief Information Officer and Assistant Chief Medical Officer for UC San Diego Health.
Dr. Longhurst said because Scripps was unable to access to electronic health records, they went on bypass for trauma, heart attack, and stroke patients. UC San Diego Health took in some of those patients.
“Sometimes the public sees us as competitive, but honestly, we all went into health care to take great care of patients,” Dr. Longhurst said, adding that the various hospitals cooperate behind the scenes and share information.
Scripps has not revealed further details of the attack. Cybersecurity expert Mike Hamilton, founder of CI Security and former head of cybersecurity for the City of Seattle, said these types of breaches are not going anywhere.
“The most prevalent and pernicious threat right now is this thing called ransomware, which is extortion,” Hamilton said. “The size of the extortion demands has gone up. Right now, the average payout is something like $300,000. The top extortion demand right now is $50 million.”
While we don’t always know who is behind these attacks, Hamilton said some of the criminals use the resources of foreign governments. With the pandemic, some of the hackers had a new focus.
“It’s not just for the purpose of stealing the secrets. It’s also for the purpose of disrupting vaccine distribution in other countries… It’s about disrupting the flow of getting vaccines in the arms,” Hamilton said. “The entire supply chain is under attack, including companies that produce refrigeration equipment for these vaccines.”
The Department of Health and Human Services’ Office for Civil Rights keeps records of public health information data breaches for incidents affecting at least 500 people. Its records show a breach somewhere in the country practically daily. In California, more than 20 cases are currently under investigation from just this year.
“We have to spend more of our resources, money, time, and people investing in hardening our cybersecurity infrastructure. It’s absolutely necessary,” Dr. Longhurst said. “Of course, we wish that we could spend those dollars in other ways on direct patient care, for example.”