Scripps Health says malware took down its computer networks as state regulators monitor the situation

Cybersecurity
The California Department of Public Health is monitoring the cyberattack as it impacts Scripps Health facilities throughout San Diego County, the San Diego Union-Tribune reported Wednesday. (Getty/cifotart)

Scripps Health said the cyberattack last weekend that took down its IT systems stemmed from malware on its computer network.

San Diego-based Scripps Health, which operates five hospitals in the region, is still offline following the cyberattack on Saturday, May 1 that has significantly disrupted care and forced medical personnel to use paper records.

Local media station NBC 7 reported that the California Department of Public Health (CDPH) described the ongoing situation at Scripps Heath as a case of "ransomware attacks."

On Friday, an official with the California Department of Public Health sent NBC 7 a statement confirming that "ransomware attacks were reported to the department."

In a statement released last Wednesday, Scripps Health said it began experiencing a network outage that resulted in a disruption to its IT systems at its hospitals and facilities. Scripps Health said it immediately launched an investigation and took steps to contain the outage, including by taking a significant portion of its network offline as a proactive security measure.

The health system brought in an independent cybersecurity firm to help investigate the incident and begin working to restore its systems.

"While the investigation is ongoing and in the early stages, we have determined that the outage was due to a security incident involving malware on our computer networks. Scripps technical teams are working 24/7 to restore our systems as quickly and safely as possible, and in a manner that prioritizes our ability to provide patient care," the health system said.

RELATED: Cyberattack forces Scripps Health to go offline, disrupts patient care

Local media are referring to the incident as a ransomware attack.

The health system did not say when it expects to get its systems back online or if there had been any ransom demand, which typically occurs with a ransomware attack.

The cyberattack has resulted in operational disruptions at Scripps Health hospitals and facilities, but the health system said its clinical staff is "trained to provide care in these types of situations."

"Scripps Health physicians, nurses and staff are implementing workarounds to mitigate any disruptions and provide uninterrupted care to our patients," health system officials said.

The outage has forced the cancellation of many patient appointments and procedures. Local news media are reporting that many patients still feel they are in the dark about if their appointments are canceled and when they will get rescheduled to receive care.

NBC 7 spoke to a nurse, who asked to remain anonymous, who reported that the situation was "frantic" inside the Scripps Health facility where she works.

"She said nurses were crying and feeling uncomfortable, and that some believed Scripps was downplaying the impacts of the outage," the news station reported.

RELATED: 2020 offered a 'perfect storm' for cybercriminals with ransomware attacks costing the industry $21B

The California Department of Public Health is monitoring the cyberattack as it impacts Scripps Health facilities throughout San Diego County, the San Diego Union-Tribune reported.

The agency has thus far determined that emergency procedures underway since Saturday have been adequate to ensure patients are safe, the newspaper reported.

“These hospitals are operational and caring for patients using appropriate emergency protocols in inpatient areas of the hospital,” the CDPH said in a statement provided to the San Diego Union-Tribune.

CDPH further noted that it has the authority to “involuntarily suspend” the licenses of facilities if it determines that the care being provided is unsafe. However, the mere fact that a hospital is operating under “emergency protocols” does not, in and of itself, “warrant such action, according to its statement.

Other health systems in the area were helping to pick up the load shed by San Diego’s second-largest health system as measured by total patient discharges, behind only Sharp HealthCare, according to state data.

Dr. Christian Dameff, an emergency medicine specialist and cybersecurity researcher at UC San Diego Health, told the San Diego Union-Tribune Wednesday that the situation has definitely been noticeable in the volume of patients arriving daily for treatment.

“We really are a giant ecosystem, and when one organization is attacked, it can impact all of the others,” Dameff said, according to the article. “Everyone’s kind of coming together in the greater San Diego area to try to help facilitate that care.