Skip to main content

12 Days In, Ransomware Attack on Healthcare System Continues

by Chris Brook on Monday August 22, 2022

Contact Us
Free Demo

A ransomware attack against one of San Diego's main healthcare systems has lasted for 12 days so far, resulting in lab test delays and forcing doctors and nurses to use pen and paper.

A ransomware attack against one of San Diego's main healthcare systems has lasted for 12 days so far, resulting in lab test delays and forcing doctors and nurses to use pen and paper.

Regardless the industry, ransomware continues to plague organizations throughout the pandemic.

While last week’s incident affecting Colonial Pipeline, the largest refined-products pipeline in the U.S., has commanded headlines, Scripps Health, a nonprofit healthcare system with over 13,000 employees, continues to deal with the fallout surrounding a nasty incident for the 12th straight day.

A cyberattack at the company, which serves the San Diego area and services 700,000 patients through five hospitals and 19 outpatient facilities, forced Scripps offline on May 1.

The hospitals and outpatient urgent care centers are still providing service, using “offline documentation methods” or paper records but the company's website and its MyScripps service, the company's personal health portal, remain offline. The system's main website,, is still down as of Wednesday, May 12.


While certainly not ideal, Scripps and other hospitals have unfortunately become used to losing computer access and being forced to switch to pen and paper over the years. Academic research published last year found that almost half of U.S. hospitals that have experienced electronic health record downtimes from 2012 to 2018 involved some form of a cyberattack.

In addition to having to use paper records, the ransomware attack had some physical repercussions as well. Because of the attack, the hospital is technically operating under electronic healthcare record (EHR) downtime procedures, under which it had to postpone and reschedule some patient appointments and divert critical care to other hospitals.

It's unclear exactly how far the ransomware spread after infecting the hospital's networks. Scripps confirmed on Sunday, May 2, that its email servers were hacked overnight but didn't go into depth on specifics.

According to the San Diego Tribune, which obtained a memo from the health system early on, two of Scripps’ four main hospitals were initially infected, including backup servers in Arizona. access to medical imaging was also affected, according to the paper.

it wasn't until almost a week later, last Friday, May 7, that the California Department of Public Health (CDPH) described what was Scripps was experiencing as ransomware. Until that point, Scripps simply said it was dealing with “a network outage that resulted in a disruption to our IT systems.”

Given the miscommunication, perhaps it’s not a huge surprise that there’s still a lot of unknowns here.

it's not clear, at least based on the information the healthcare system has released, what strain of ransomware its dealing with, what the attack vector may have been, if it had the appropriate backups in place, or how much the attackers are asking for a ransom. It's also not clear whether the attack has had any impact on patient data.

The hospital makes millions - it reported revenues of $899.6 million in the second quarter of last year – which helps explain why it was a mark for a ransomware attack.

Most healthcare services companies continue to prove ripe for cyberattacks, especially those leveraging ransomware.

Universal Health Services (UHS) - a Fortune 500 company that specializes in telemedicine and helps facilitate appointments, lab results, and other documents - may have experienced the longest downtime. 400 of its U.S. health system sites were offline for three weeks beginning in late September last year. The company said this March that the attack, which came at the hands of the Ryuk ransomware, cost it around $67 million to recover from.

More recently, last week, CaptureRX, a third-party administrative service used by hospitals acknowledged that thousands of patients had their personal information - first name, last name, date of birth, and prescription information - accessed following a ransomware attack in February. Tens of thousands of patients from at least five health systems had their data stolen in the hack.

Tags:  Ransomware

Recommended Resources

The Definitive Guide to DLP

All the essential information you need about DLP in one eBook.

The Ultimate Guide to Data Protection

Everything you need to know about data protection but were afraid to ask.