Scripps Health, a hospital network based in San Diego, was hit by a cyberattack over the weekend, forcing some critical-care patients to be diverted, according to the San Diego Union-Tribune.
Scripps acknowledged the attack in a statement but didn’t specify whether it was a ransomware incident. It’s also unknown whether the adversaries compromised any patient records or other sensitive data.
The paper reported that an email notice from county emergency-services coordinator Jaime Pitner said that all four of Scripps’ main hospitals, in Chula Vista, Encinitas, La Jolla and San Diego, implemented emergency-care diversions. Stroke, trauma and heart-attack patients were sent to other medical centers, it said.
Emergencies being sent elsewhere after a ransomware attack is not unheard-of: In September, employees at Universal Health Services (UHS), a Fortune-500 owner of a nationwide network of hospitals, reported widespread outages that resulted in delayed lab results, a fallback to pen and paper, and patients being diverted to other hospitals. The culprit turned out to be the Ryuk ransomware, which locked up hospital systems for days.
“No patients died tonight in our [emergency room] but I can surely see how this could happen in large centers due to delay in patient care,” a Reddit user identifying themselves as a nurse wrote at the time.
Earlier that month, a ransomware attack at a Dusseldorf University hospital in Germany resulted in emergency-room diversions to other hospitals. According to a report by the Ministry of Justice of the State of North Rhine-Westphalia, a patient who had to be taken to a more distant hospital in Wuppertal because of the attack on the clinic’s servers died. The initial charges of homicide that were filed in the case were, however, later dropped.
“Showing just how low cybercriminals will go, the attack on a major healthcare facility like Scripps highlights the dark side of ransomware, disturbingly putting lives at risk,” said Edgard Capdevielle, CEO of Nozomi Networks, via email.
The outages are widespread across the Scripps system, according to reports. The Times-Union reported that the cyberattack disrupted the organization’s backup servers in Arizona, the MyScripps online patient portal was taken offline, and Monday appointments were postponed.
The day-to-day activities of staff have also been interrupted. Nurses, doctors and other personnel have resorted to using manual processes and paper records, since the electronic health records system was disrupted. That’s something that also happened in the UHS attack. And, for the time being, the “telemetry at most sites” used for electronic monitoring and alarming (heart monitors, for instance) has become inaccessible, Scripps said, requiring regular manual checks of patients. A source told the paper that medical imaging and other “resources” have been affected.
The Scripps statement said that while the systems are offline, “patient care continues to be delivered safely and effectively at our facilities, utilizing established back-up processes, including offline documentation methods.”
“Malicious actors and attackers are unrelenting in their pursuits to take advantage of the most vulnerable systems, healthcare organizations and exploit them,” said Alexa Slinger, identity management expert at OneLogin, via email. “We’ve seen that weak access control and social engineering phishing are usually the main ways they target and exploit healthcare institutions, resulting in data breaches and/or ransomware attacks. While Scripps has not made details known, we have seen COVID-related topics and email subject lines as the enticement to lure vulnerable individuals in.”
Hospitals are top targets for attackers – their critical role in communities can lead them to pay a ransom quickly, according to Purandar Das, CEO and co-founder at Sotero.
“Hackers are targeting soft targets knowing that they are easy to attack and they are financially rewarding,” he explained to Threatpost. “This also plays into current situations where medical information is more valuable than other categories of stolen information. It is also highlighting a weakness in current deployments of technology platforms that adopt a legacy approach to security and data protection.”
He added, “Criminals are targeting organizations that have been slow to adopt a more robust and resilient architecture. Organizations have to move towards protecting data, via new encryption technologies, that keep them secure while enabling privileged access. This prevents a ‘data held hostage’ situation. Secondly, organizations have to move towards a resilient deployment architecture that enables them to bring up a failover system without risking long term outages.”