State regulator watching Scripps Well being ransomware assault carefully

The California Department of Health confirmed Wednesday May 5 that it was monitoring the ransomware attack that hit Scripps Health facilities across San Diego County, but has so far determined that the ongoing emergency response is appropriate to ensure that patients are safe.

The agency that oversees all hospitals in the state said Scripps had informed them of the “ransomware attacks” and was “actively monitoring” the situation.

“These hospitals are operational and care for patients using appropriate emergency protocols in inpatient areas of the hospital,” it said in a statement.

CDPH also noted that it has the power to “involuntarily suspend” facilities’ licenses if it determines that the care provided is unsafe. However, the mere fact that a hospital operates under “emergency protocols” does not in and of itself justify “such action”.

Wednesday May 5 was the fourth day of the attack and ambulance services were still being rerouted from most facilities, though a director of the county ambulance service said late Tuesday May 4 the situation was not absolute . Depending on the need at any given time, facilities may suffer trauma or other emergencies if diversion is impractical.

Other health systems in the region helped track the burden of San Diego’s second largest health system, as measured by total patient layoffs, lagging only behind Sharp HealthCare, according to state data.

Dr. Christian Dameff, emergency physician and cybersecurity researcher at UC San Diego Health, said Wednesday May 5 that the situation has definitely been reflected in the number of patients who arrive for treatment each day.

“What we saw with an influx of Scripps patients into the UCSD system as their ability to care for patients has diminished a bit,” said Dameff.

He said that everyone in San Diego’s vast medical community feels responsible for helping in such a situation.

“We are really a huge ecosystem, and if one organization is attacked it can affect everyone else,” said Dameff. “Everyone is coming together in the greater San Diego area to facilitate this care.

“Patients will not stop getting sick just because one of the health systems is attacked.”

The current status of the attack on Scripps remained uncertain. Patients have indicated that Scripps affected not only the four hospitals affected by the attack, but also the information systems that operate the clinics and outpatient surgery centers.

After failing to say anything about the situation on Tuesday, May 4, the company issued a brief statement late Wednesday afternoon, May 5, noting that it had hired an independent cybersecurity firm to deal with the To get to the bottom of the problem. This investigation, according to Scripps, was “not yet completed” but was classified as being linked to “malware” on the computer networks. Attempts to contain the threat have forced Scripps to take a significant portion of its data network offline “as a proactive security measure”.

“Scripps technical teams are working around the clock to restore our systems as quickly and safely as possible and in a manner that prioritizes our patient care ability,” the statement said.

On Wednesday afternoon, May 5, Jason Cabot, a lawyer from Normal Heights, was lying in a bed at Scripps Mercy Hospital in Hillcrest, recovering from surgery earlier in the day.


Get the Del Mar Times in your inbox

Free top stories from Carmel Valley, Del Mar and Solana Beach every Friday.

Enter your email address

Sign me up

Occasionally you will receive promotional content from the Del Mar Times.

It was not clear until the last minute whether the trial, which Cabot preferred not to disclose, would continue. When he called, planners had no access to his medical records or the surgical plan.

However, the process went fairly according to plan. Some may wonder why not just postpone until things go back to normal? In his case, the operation had already been significantly delayed due to COVID-19 restrictions.

“I don’t think it’s as easy as people think to reschedule given the huge backlog of surgery that already exists due to COVID,” he said. “Most operations were suspended for most of the year.”

He said that on Wednesday afternoon, May 5th, there were some signs of progress being seen at Mercy. Electronic telemetry systems were back online after originally being part of the shutdown, which resulted in a family who gave birth at Scripps Memorial Hospital Encinitas to have a nurse in the room to do their vital signs on Sunday May 2 and early Monday 3 May to be recorded on paper.

However, the patient record was still written in ink instead of being typed into a computer. This situation, Cabot said, has its own obvious problems.

“The biggest concern from a patient care perspective is that things like patient orders, allergies, medication records, etc. could fall through the cracks. In some ways this is reminiscent of the experience of the 90s or even the 80s.” Said Cabot.

But he added that the people who provided the grooming were far from retro in their approach.

“Ultimately, the staff did a great job, even though it was obviously an unfamiliar process for them,” he said.

That was the experience of Judy Nauta, a downtown resident, who had scheduled an echocardiogram for Thursday and a chemical stress test for Friday.

Although planning information was often not available, she said the attitude of the staff remained professional.

“I found everyone I spoke to was so nice and helpful,” she said in an email.

The question is certainly on everyone’s lips: How long will the current situation last?

Scripps did not create a timeline that gives the answer to this critical question.

Dameff, the cybersecurity researcher and doctor at UC San Diego, said he was unaware of the exact nature of the attack on Scripps and how deep it went into network resources. It can take weeks for the most severe ransomware attacks to recover.

Part of the problem, he said, is that starting over isn’t just about pressing the reset buttons of the wide range of technologies that modern medical facilities use. Information technology teams must methodically verify that malicious software is really gone before they can bring systems back online. And when there is a need to reset large pieces of equipment to a new state, clear its previous configurations, reload and reset everything, it can take forever.

“It has to be done carefully because if you secure a system and haven’t closed all the doors and the hackers can still get in, they just do the same thing all over again,” he said.

– Paul Sisson is a reporter for The San Diego Union-Tribune

Comments are closed.