Scripps CEO says attack was ransomware
Photo: Soumil Kumar/Pexels
Nearly four weeks after a security incident that led to a network outage at Scripps Health, President and CEO Chris Van Gorder confirmed that the attack involved ransomware.
In a public statement, Van Gorder said he anticipated that the San Diego-based health system would have its electronic health record back online in the latter part of the week.
"While this progress is meaningful, there is work left to be done. We look forward to building on these efforts and restoring the remaining Scripps systems as soon as possible," he wrote.
WHY IT MATTERS
Scripps suspended user access to its IT applications after detecting a security incident on May 1. For more than two weeks, the health system's website and Epic-powered online patient portal were inaccessible.
This past week, software slowly started to come back online – although, as Van Gorder alluded to, the EHR remains partially down.
"When you come in for care, your medical history is again at our fingertips electronically, and we’ve increased capacity at our internal call center to help answer patients’ questions," he wrote.
Van Gorder said he anticipated that Scripps' EHR will be online in the latter half of the week, including patients' ability to log into the MyScripps portal.
"While this progress is meaningful, there is work left to be done," he said. "We look forward to building on these efforts and restoring the remaining Scripps systems as soon as possible."
In his statement, Van Gorder said his reluctance to share more details about the attack stemmed from a fear of "not being able to restore our systems safely and as quickly as possible for you."
As he explained: "This is not hypothetical. Other attackers are already using what is being reported in the media to send scam communications to our organization."
Van Gorder said that at this point he could share what many experts had already surmised: that the incident involved ransomware.
"We reported this to federal law enforcement, and continue to support their investigation as well," he said. "Our IT teams and outside consultants are literally working around the clock to restore our systems."
Van Gorder did not comment on whether patient information had been exposed, and an FAQ section posted to the company website said that the investigation remains ongoing.
"Rest assured, we have thorough backups and are using them to help our restoration efforts," he said. "Even so, there is no 'easy button.'"
WHY IT MATTERS
Although the specifics of the Scripps attack – including who is responsible – are still unknown, the Federal Bureau of Investigation warned this week that it had identified at least 16 Conti ransomware attacks over the past year targeting U.S. healthcare and first responder organizations.
The problem isn't just domestic – Conti was behind the incident that took out Ireland's health service earlier this month, although the group also offered up the decryption tool necessary for the system to recover.
ON THE RECORD
"We know that this incident has been a hardship for our patients, our employees, and our physicians, and we are truly sorry," said Van Gorder. "Thank you again for your patience and understanding during this challenging time."
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.