Play Live Radio
Next Up:
Available On Air Stations
Watch Live


Tri-City Medical Center operating near normal after cybersecurity attack

Things are mostly back to normal at Tri-City Medical Center after a cybersecurity attack. KPBS North County reporter Jacob Aere says the incident lasted more than a week.

Oceanside’s Tri-City Medical Center has restored its electronic health platform and resumed accepting ambulance traffic, while it continues to investigate a cyberattack that forced the hospital to declare an internal emergency. It’s also resumed with elective surgeries and procedures.

Systems were restored as of Nov. 17, eight days after the attack was discovered.

“So now that systems are back online, that most likely means that the threat has been contained and hopefully eradicated,” said USD professor of cybersecurity Nikolas Behar.


He said the cyberattack that was discovered on Nov. 9 may be mostly resolved, but the situation could be far from over.

“According to federal law, any health care organization has to notify patients their information was stolen without unreasonable delay,” Behar said. “And it has to be done in 60 days or less following the discovery of the breach.”

The hospital was on ambulance diversion from the Nov. 9 through Nov. 17. During that time, Scripps Health Care told KPBS they were receiving 20 to 25 more ambulances per day, primarily at Scripps Encinitas, which normally receives around 35 ambulances a day.

“If 500 or more patients have been affected, then the medical provider is actually required to notify the media,” Behar added.

Tri-City hired a public relations firm to deal with this attack. In a statement Monday, the firm said the incident is still being investigated, and they will update staff, patients and the community as more information becomes available.


"The vast majority of our clinical systems are back online following a cybersecurity incident earlier this month in which we took proactive steps to take all of our systems offline," the statement said.

Their statement also said Tri-City’s top priority "has been the health and wellness of our patients" and thanked first responder agencies and neighboring health care facilities that helped during the emergency.

While the cyberattack may be mostly over, Behar said legal trouble could be in the hospital’s future.

“If it is determined that Tri City didn't take appropriate measures to protect patient data, then they could be open to a lawsuit,” he said. “In some of the other health care breaches that have happened in San Diego, we have seen some of the patients that are trying to sue the organizations.”

Tri-City has not said who caused the attack or if patient information was stolen during the incident.

KPBS has created a public safety coverage policy to guide decisions on what stories we prioritize, as well as whose narratives we need to include to tell complete stories that best serve our audiences. This policy was shaped through months of training with the Poynter Institute and feedback from the community. You can read the full policy here.