Categories
Local News

CEO says attack was result of ransomware; patient records to be restored

SAN DIEGO – The more than four-week disruption of services at Scripps Health was the result of a ransomware attack, the health system’s chief executive said in a letter Monday.

Chris Van Gorder, Scripps Health CEO, inoculated Christian Dollahon, 66 from Oceanside with the Pfizer vaccine at the Del Mar Fairgrounds on Friday, Feb. 12, 2021, in Del Mar, Calf. (Nelvin C. Cepeda/The San Diego Union-Tribune via AP, Pool)

Scripps President and CEO Chris Van Gorder apologized to patients, employees and physicians for the frustration caused by the attack which initially was detected May 1. The San Diego-based nonprofit system took a large portion of its network offline as a protective measure, resulting in rescheduled appointments for patients and some uncertainty for its staff.

Some functions, including on Scripps.org, have been restored, but Van Gorder said the system anticipates electronic health records will be available for patients later this week.

“While this progress is meaningful, there is work left to be done,” he said. “We look forward to building on these efforts and restoring the remaining Scripps systems as soon as possible.”

According to the U.S. Cybersecurity & Infrastructure Security Agency, ransomware is a constantly evolving type of malware which “renders any files and the systems that rely on them unusable.” Those behind the attack typically request a ransom be paid before access is restored, but such attacks can wreak havoc on governments, health care systems and essentially anyone with internet access.

Van Gorder acknowledged that the system has been providing few updates about the cyberattack as sharing more details “puts Scripps at an increased risk of coming under further attack.”

The attack was reported to federal law enforcement officials, he said.

“This is not hypothetical,” he wrote in the letter. “Other attackers are already using what is being reported in the media to send scam communications to our organization. I know that, for some of you, the reasons why we haven’t provided more frequent updates may not matter.

“But it was important for me to share and assure you that our patients’, employees’, and physicians’ safety and security are our constant guides.”

It is not yet known if hackers were able to get away with Scripps’ patients’ personal information.

Any patients with questions about the cyberattack are being asked to call 1-800-SCRIPPS. 

Full letter to Scripps Health patients

Dear Valued Scripps Patient,

I want to provide an update for you about Scripps’ continued response to our recent cyber incident. We know the last few weeks have been difficult for our community members, and at times it may have seemed like we weren’t communicating enough. We care deeply about our relationship with you and all of our patients, and I am sorry this has caused frustration. 

In our current situation, openly sharing the details of the work we have been doing puts Scripps at an increased risk of coming under further attack, and of not being able to restore our systems safely and as quickly as possible for you. This is not hypothetical. Other attackers are already using what is being reported in the media to send scam communications to our organization. I know that, for some of you, the reasons why we haven’t provided more frequent updates may not matter. But it was important for me to share and assure you that our patients’, employees’, and physicians’ safety and security are our constant guides.

That being said, we are now at a point where we can share some additional updates. We are continuing to investigate the incident, which I can confirm involved ransomware. We reported this to federal law enforcement, and continue to support their investigation as well. Our IT teams and outside consultants are literally working around the clock to restore our systems. Rest assured, we have thorough backups and are using them to help our restoration efforts. Even so, there is no “easy button.”

We continue to make progress. When you come in for care, your medical history is again at our fingertips electronically, and we’ve increased capacity at our internal call center to help answer patients’ questions. In addition, we anticipate our electronic health record will be back online the latter part of this week, including your ability to log into your MyScripps account to see your health care information. While this progress is meaningful, there is work left to be done. We look forward to building on these efforts and restoring the remaining Scripps systems as soon as possible.

In the meantime, as always, providing you with exceptional health care is our number one priority, so please don’t hesitate to come in for needed care.

We know that this incident has been a hardship for our patients, our employees, and our physicians, and we are truly sorry.

Thank you again for your patience and understanding during this challenging time. We are committed to continuing to serve you and our community, and will continue to provide you with updates.

Thank you,

Chris Van Gorder
President and CEO
Scripps Health