Less than a week after a cyber-attack on Scripps Health forced the postponement of many procedures, things have gone from bad to worse for Scripps health care workers.
At least three Scripps employees tell NBC 7, not only have their hours have been cut because of postponed procedures, but now they’ve been told they’ll have to use their vacation time, or not get paid at all for the cut hours.
Many of the health care workers, who are non-union employees are still reeling from long hours working with COVID-19 patients.
“Scripps should cover our lost wages during this time. They should be covering it and not expect nurses to dip into their PTO (personal time off) when we’ve just come out of Covid and we need our vacation time,” said one health care worker who requested anonymity for fear of repercussion.
One of the workers called the cyber-attack preventable, and feels employees are being punished for something they had nothing to do with.
“Scripps needs to do the honorable thing, support their nursing staff that worked so hard and have worked tirelessly this last year, and support us with our pay,” said the worker.
Scripps Health did not respond to this specific issue, only referring NBC 7 to a statement issued earlier this week that acknowledges the cyber-attack.
The workers criticized Scripps for maintaining a "hush-hush" attitude and failing to keep its employees informed of their status.
“It’s extremely frustrating. I’ve given my life to this institution. They didn’t have the proper thing in place to prevent this from happening, although it’s happened everywhere," the employee said.
On Friday, the California Department of Public Health (CDPH) described the ongoing situation at Scripps Heath as a case of "ransomware attacks."
An official with the California Department of Public Health sent NBC 7 the following statement:
"The ransomware attacks were reported to the department. As required by state and federal law, hospitals are required to provide proper patient care at all times, including in any emergency situation. CDPH is actively monitoring the hospitals impacted. These hospitals are operational and caring for patients using appropriate emergency protocols in inpatient areas of the hospital. The department has authority to involuntarily suspend facility licenses in extreme circumstances that pose immediate risk to patient safety. Facilities reliance on emergency protocols does not automatically warrant such action."
It's unknown at this time who is behind the ransomware attack or how much money they are seeking in the ransom. The CDPH referred NBC 7 to Scripps for more details.