Nonprofit health care provider Scripps Health in San Diego has been hit by a ransomware attack that disrupted patient care operations and forced it to take its health portal offline.
Following the attack, some critical-care patients have been redirected to other hospitals.
Scripps Health detected the ransomware attack late on Saturday and shut down its MyScripps and scripps.org applications that connected customers to health care facilities.
Scripps Health operates five hospitals and 19 outpost facilities and employs over 2,600 affiliate physicians. Scripps Health treats over 700,000 patients yearly. Scripps Health is an attractive target for ransomware gangs with its quarterly revenues of over $790 million in 2020.
On Sunday, the health care provider announced that patient care was delivered “safely and effectively” at their facilities despite IT systems being offline. However, appointments over the weekend and on Monday have been canceled. Electronic monitoring of a patient’s vitals has also been affected by the attack.
Not all locations have been closed for patient care, though. Such outpatient urgent care centers as Scripps HealthExpress locations and Emergency Departments are accepting customers.
The nonprofit health care organization added that they started to restore systems from backups. The San Diego Union-Tribune reported that Scripps Health medical personnel was relying on paper records. The news outlet said it learned this from a Scripps Health internal memo, and it was confirmed by someone familiar with the situation.
According to the internal notice, the attack impacted computer systems at two hospitals and disrupted medical imaging services. After the attack, hospitals in Encinitas, La Jolla, San Diego, and Chula Vista had to refuse to accept stroke and heart attack patients. Such patients had to be taken to other medical facilities.
Scripps Health has informed law enforcement and government organizations about the incident.