Five days after delcaring an "internal disaster" due to a cyberattack, Tri-City Medical Center in Oceanside is still diverting ambulance traffic to other hospitals.
On Thursday, Nov. 9, the hospital announced it had become aware of the attack and took its systems offline.
Hospital management said they’re still serving patients with emergency needs, but they’ve halted all elective medical procedures.
“Right now they're still probably in response mode — trying to figure out what happened, trying to contain the infection, trying to see how far it spread,” said University of San Diego cybersecurity professor Nikolas Behar.
He said hospitals and health care facilities face extra risk for cyberattacks due to their large assortment of medical devices. "Those devices aren't updated as often as regular computers,” Behar said, "because patients' lives are depending on those devices.”
Less-frequent updates can leave systems vulnerable to attack.
This isn't the first local health care organization to be affected by cyberattacks.
UC San Diego Health, Sharp HealthCare, San Ysidro Health and Scripps Health have all dealt with data breaches of different sizes in recent years.
“It was hell on earth,” said Scripps Health CEO Chris Van Gorder, describing a 2021 ransomware attack that had major impacts on their organization.
“First thing you have to do is stop the intrusion, and that means going to paper everywhere. Meaning runners are running reports back and forth. So you really have to change your operations completely,” Van Gorder said.
Since Tri-City’s internal disaster was declared, Van Gorder said Scripps has received 20 to 25 more ambulances per day — primarily in Encinitas. They normally receive around 35 a day at that location.
“We are on what we call code ABC — which is all bed crisis — meaning that our hospital is absolutely full,” he said. “It could be a significant number of patients waiting to be admitted to hospital beds. Or we even have to transfer some of those patients to other Scripps facilities.”
Kaiser Permanente said their newly opened San Marcos hospital has also seen significant increases in the emergency department volume since the Tri-City internal disaster declaration.
Palomar Health, which operates hospitals in Escondido and Poway, said they had a slight increase in some ambulance traffic initially but that it has now leveled off.
Behar said the cyber criminal landscape has shifted in the last few years so they can work together more easily to compromise organizations.
“I think it's just a matter of there's more actors out there that are launching these types of attacks,” the USD professor said.
As for Tri-City patients, Behar said to be vigilant and practice basic cyber hygiene in case the attackers get a hold of personal information.
He said that includes using strong and unique passwords, using multi-factor authentication and keeping systems up to date.
“In case your data has been leaked, then you should do things like make sure you're checking your credit on a regular basis to ensure that no fraudulent accounts have been opened. You can also freeze your credit,” Behar said.
Tri-City said they are working with law enforcement and cybersecurity specialists to investigate the attack, restore their systems, and try to prevent future attacks.
