On Friday, the California Department of Public Health (CDPH) described the ongoing situation at Scripps Health as a case of "ransomware attacks."
Ransomware typically works by introducing software that encrypts a user's data and holds the decryption key until the ransom is paid. Once that happens, a typical recourse is to reformat and restore the system from backups, SDSU cyber warfare and cyber terrorism expert Steven Andrés told NBC in 2018.
The local health-care provider, which operates five hospitals in San Diego, along with a series of clinics, was hit by a cyberattack over the weekend. Patients and staffers have been unable to access records, email and other technology for six days.
During that time, Scripps Health and county officials have been tight-lipped about the situation, other than to say that experts were working on it and that governmental agencies were aware of the incident. Scripps said it had proactively taken part of its systems down: "Upon discovering the outage, we immediately initiated an investigation and took steps to contain the outage, including by taking a significant portion of our network offline as a proactive security measure."
In that same statement, Scripps described what was happening as "a network outage that resulted in a disruption to our IT systems." On Friday, however, an official with the California Department of Public Health sent NBC 7 the following statement:
"The ransomware attacks were reported to the department. As required by state and federal law, hospitals are required to provide proper patient care at all times, including in any emergency situation. CDPH is actively monitoring the hospitals impacted. These hospitals are operational and caring for patients using appropriate emergency protocols in inpatient areas of the hospital. The department has authority to involuntarily suspend facility licenses in extreme circumstances that pose immediate risk to patient safety. Facilities' reliance on emergency protocols does not automatically warrant such action."
It's unknown at this time who is behind the ransomware attack or how much money they are seeking in the ransom. The CDPH referred NBC 7 to Scripps for more details. Later on Friday afternoon, NBC 7 received the following statement from a Scripps Health spokesman:
"... the investigation is ongoing. To date, our investigation has determined that the outage was due to a security incident that involved malware on our computer networks. So as not to compromise the integrity of the ongoing investigation and to maintain our focus on providing the highest level of patient care, we are not able to provide additional details at this time."
"Additional questions regarding the specifics of any demands made to the facilities should be addressed to the facilities themselves," the CDPH statement said.
The CDPH's office of communication said the department is continuing to monitor the situation and said that any patients who feel their care has been compromised can file a complaint with the CDPH, which will investigate.
Scripps Health is not the first major entity in San Diego to be hit by a ransomware attack. In September 2018, cyber crooks hit the Port of San Diego. Hackers breached the Port’s information technology systems and demanded payment in Bitcoin, the agency said, though the amount was not disclosed.