After experiencing a cyberattack on Saturday, Scripps Well being suspended entry to a number of IT functions properly into Monday and rescheduled some affected person appointments.
The safety incident was detected late on Saturday, mentioned Keith Darce, a spokesman at San Diego-based Scripps Well being, in an e-mail. The well being system suspended consumer entry to varied IT functions, together with its web site and MyScripps affected person portal — each of which remained inaccessible till Monday afternoon.
“Our technical groups and vendor companions are working tirelessly to resolve points associated to the cyberattack as shortly as potential,” Darce mentioned.
Scripps Well being amenities, together with its hospitals, emergency departments, pressing care facilities and different outpatient amenities, are open for affected person care, although some are counting on established backup processes like “offline documentation strategies,” Darce mentioned.
As well as, a number of appointments scheduled for Sunday and Monday had been postponed.
Scripps Well being’s official assertion didn’t point out what sort of cyberattack it skilled. However, based on an inside memo obtained by The San Diego Union-Tribune, it was a ransomware assault that impacted techniques in two of Scripps’ 4 hospitals, disrupting affected person care, together with the digital monitoring of significant indicators.
Additional, all Scripps Well being hospitals started diverting stroke and coronary heart assault sufferers to different amenities when potential over the weekend, The San Diego Union-Tribune reported. Scripps didn’t verify the diversions.
The Scripps Well being cybersecurity incident comes on the heels of quite a few comparable assaults amongst suppliers. Main information breaches had been found at Livonia, Michigan-based Trinity Well being, Pittsburgh-based UPMC and Omaha-based Nebraska Drugs earlier this 12 months. Although it’s unclear if patient data was compromised at Scripps Well being, the string of cybercrime experiences reinforces how difficult IT safety continues to be for suppliers — particularly through the Covid-19 pandemic.
The pandemic elevated healthcare’s dependency on IT instruments, not solely due to the rising recognition of companies like telehealth but additionally due to the transfer to distant work. These traits heightened the danger of cybercrime in a number of methods, together with rising the ports of entry for cybercriminals.
“To guard themselves and their sufferers, healthcare organizations should undertake a real tradition of safety that features a holistic strategy to how danger is recognized and mitigated, beginning with training and lengthening into adoption of safety finest practices, steady monitoring and common testing to make sure that no gaps have been missed,” mentioned Chris Clements, vp of options structure at cybersecurity agency Cerberus Sentinel, in an e-mail.
Particularly, suppliers should change into extra diligent about securing their functions, together with affected person portals, with protocols like multi-factor authentication, mentioned Erich Kron, safety consciousness advocate at KnowBe4, a supplier of safety coaching options, in an e-mail.
Organizations also needs to present frequent safety consciousness coaching to their workers to assist them spot and report e-mail phishing assaults, he mentioned.
Picture: JuSun, Getty Photos