Scripps Wasn't the First: San Ysidro Health Hit By Ransomware Attack in 2020

An online letter sent to patients says cyberattack happened in late 2020

NBC Universal, Inc.

San Ysidro Health, a health care provider with 47 clinics serving 108,000 people, has notified its community that it was the victim of a cyberattack in late 2020 and that data containing the personal information of patients was compromised.

The news about San Ysidro comes in the wake of headlines last week about an outage at Scripps Health that has continued into this week. An official at the California Department of Public Health described that incident as a ransomware attack.

In response to the attack at San Ysidro Health, the health service's IT service provider paid an undisclosed amount to the attacker in exchange for assurance the data would be deleted.

The FBI confirmed that it was aware of the cyberattack but would not give out any other details.

It’s not clear where the attack originated or how much money was paid to the hacker or hackers. Details of the incident were spelled out in a message posted on the San Ysidro Health web site.

The letter, dated April 8, 2021, said that San Ysidro Health learned of a data security incident experienced by Netgain Technology, the IT service provider for Health Center Partners of Southern California (HCP). HCP supports community health centers and services for San Ysidro Health.

In late September 2020, according to the letter, an unauthorized third party gained access to Netgain’s digital environment, and between Oct. 22 and Dec 3, 2020, obtained files containing HCP data.

Ignite San Diego

Shining the spotlight on local businesses making an impact in your neighborhood

Imperial Beach nonprofit helping feed families in need in San Diego County

Netgain stated that it paid an undisclosed amount to the attacker in exchange for assurances that all copies of this data would be deleted and that the cyber crook(s) would not publish, sell or otherwise disclose the data.

NBC 7 reached out to Netgain for more information and received the following statement:

"The threat to our environment was contained and eradicated in December, and Netgain restored services for its impacted clients. In addition, our cybersecurity experts have been monitoring for any signs that the data has been misused; to date, no such indications have been identified.  

Netgain has already implemented a number of enhancements to our security posture, including an advanced around-the-clock managed detection and response service for proactive threat monitoring. We will continue to layer additional proactive and defensive measures based on innovations in the security industry. 

Unfortunately, no company or government agency is immune to cyberattacks and such attacks remain a growing threat to every organization. We are confident in our abilities to respond to the evolving threat landscape and continue to strengthen and evolve our security policies and controls."

Meanwhile, the letter from San Ysidro Health said the provider is not aware of any misuse of personal information as a result of the incident. It does concede, however, that impacted files could include names, addresses, dates of birth, clinical information, health insurance information and treatment cost information.

For a small number of patients, according to the letter, Social Security numbers and prescription information may have been contained in the impacted files.

Outside of a San Ysidro Health facility in Chula Vista, several patients said they were unaware of the cyberattack but did not seem concerned.

“I didn’t know anything," Grace Ortiz said, "but I haven’t seen anything wrong. I know that if there was, my doctor would have called me right away if something was happening."

HCP said it has worked with Netgain and implemented measures to enhance security. The pair has also established a toll free call center at 833-416-0926 to answer questions."

“The privacy and security of our patients’ personal and protected health information is a top priority, and we deeply regret any inconvenience or concern this incident may have caused.”

Contact Us