Cyberattack forces Scripps Health to go offline, disrupts patient care

San Diego-based Scripps Health is struggling to restore its IT systems after a cyberattack May 1 that has significantly disrupted care, impacted email servers and forced medical personnel to use paper records.

Some critical care patients were diverted and the online patient portal was taken offline, The San Diego Union-Tribune reported.

Scripps Health operates five hospitals in the San Diego area.

In a statement emailed to Fierce Healthcare from a Scripps Health spokesman, the health system said its facilities remain open for patient care, including hospitals, emergency departments, urgent care centers, Scripps HealthExpress locations and other outpatient facilities.

"Our technical teams and vendor partners are working tirelessly to resolve issues related to the cyber incident as quickly as possible," the statement said.

Scripps Health did not specify the type of cyberattack and did not indicate when it expects to have its systems back online. It's not clear at this time whether the cyberattack impacted patients' health information.

In a tweet, the health system said, "We are still in the process of assessing the extent of this attack. If any of our patients’ information was compromised, we will be reaching out to them."

RELATED: 2020 offered a 'perfect storm' for cybercriminals with ransomware attacks costing the industry $21B

The health system said it is rescheduling some patients’ appointments and is reaching out to patients to do so. Patients who have appointments scheduled during the next several days and are unsure about their status may call 1-800-SCRIPPS for more information.

According to The San Diego Union-Tribune, all four Scripps hospitals in Encinitas, La Jolla, San Diego and Chula Vista were put on emergency bypass for stroke and heart attack patients as a precautionary measure, meaning patients with such life-threatening conditions are being diverted to other medical centers where possible.

Monday, an employee with AMR, the city's ambulance provider, said Scripps was only taking trauma transports and foot traffic at that time. All other ambulance traffic to Scripps medical centers was being diverted to other facilities, local news channel NBC San Diego reported.

Local media outlets are reporting the incident as a ransomware attack.

Scripps Health issued a statement on Twitter May 2 confirming an "information technology security incident" that was detected late on May 1.

"As a result of this, we suspended user access to our information technology applications related to operations at our health care facilities, including MyScripps and While our information technology applications are offline, patient care continues to be delivered safely and effectively at our facilities, utilizing established back-up processes, including offline documentation methods," the health system said in the statement.

RELATED: Hospitals hit with ransomware attacks as FBI warns of escalating threat to healthcare

As of Wednesday morning, the health system's website was still down.

While the health system said in its statement that it was continuing to provide patient care, the fallout from the cyberattack has created confusion for patients and their families, especially those who were scheduled for appointments this week. On social media and internet forums such as Reddit, patients sought out more information about procedures and appointment cancellations.

The San Diego Union-Tribune reported that it obtained an internal memo from the health system that indicated information systems at two of Scripps’ four main hospitals were infected, including backup servers in Arizona.

"A person familiar with the situation who asked to remain anonymous confirmed many of the memo’s contents and said access to resources such as medical imaging were also affected," reporters Greg Moran and Paul Sisson with The San Diego Union-Tribune reported. 

RELATED: From weaponized AI to threats against the vaccine rollout, here are 6 cybersecurity trends to watch in 2021

In a statement posted on Twitter, Scripps Health said the health system has notified “law enforcement and appropriate government organizations” about the cyberattack while it works to get the system back up and running.

Healthcare organizations have been plagued by an uptick in cyberattacks in the past year as cybercriminals take advantage of the COVID-19 pandemic and disrupt operations at hospitals across the country.

Attacks on healthcare entities worldwide jumped 45% from November 2020 to January 2021, more than double the overall increase in cyberattacks across all industry sectors worldwide seen during the same time, according to a report from Check Point Software.

"The recent attack on Scripps Health further underscores the need for improved security among healthcare providers," said Motti Sorani, chief technology officer at medical device security firm CyberMDX.

"Unlike other fields such as banking, where the greatest damage is financial or a hit to the reputation, lack of proper cybersecurity protocols in healthcare can endanger lives and prevent critical medical devices from functioning when they are needed. So far we have been lucky, but it's only a matter of time before a hacker, either intentionally or accidentally, disrupts a lifesaving device with a patient on the other end," Sorani said.