Information Scarce As Cyber Attack Disruption At Scripps Health Continues
Speaker 1: 00:00 Hackers are exposing vulnerabilities in two industries today, healthcare and energy, a possible spike at the pump could be coming soon after a ransomware attack, shut down a main fuel pipeline for the East coast and here locally script's health, one of San Diego's largest healthcare providers was also the target of a ransomware attack last week, and they are still trying to recover. It's been reported. The hack has forced doctors and nurses to monitor and log patient care offline. Meaning with pen and paper, the hack is also reportedly disrupting communication with patients and access to medical records, KPBS health reporter, Matt Hoffman joins us now with more Matt welcome. So you reported on Friday that the cyber attack on script health continues anything new today. I mean, do we even know what systems are down? Speaker 2: 00:49 Right. So the cyber attack is still ongoing. We're more than a week into this. The scripps.org website is still down. There's a new message posted on there that at least says that we're unavailable. Uh, they're directing people to a number to call, but, um, you know, as this sort of grows here, uh, we're hearing from a lot of very frustrated patients that some of their critical care is being delayed. Now it is important to note to Jay that, um, scripts officials do say that, um, you know, some surgery, some procedures are still going, they are still open. Uh, even though we're hearing that a lot of things are being delayed canceled or pushed back. Speaker 1: 01:21 And as you mentioned, you've been in communication with a script's representatives. Are they offering any information on which of their systems have been affected or what patients should do if they can't get scheduled treatment? Speaker 2: 01:33 Yeah, so script's officials, um, uh, at least from my perspective are being a little bit tight lipped on details. Now, the last update that they gave us officially was on Wednesday. And that's when they had sort of said that, um, you know, this is still ongoing. We're working around the clock, we've contracted with this cybersecurity firm to help address this issue and bring our systems back online. Now we're not hearing from scripts. They're not saying they're not confirming if this is a ransomware attack. And we are seeing some other reporting on that saying that this is a ransomware attack, like a situation where, um, their data has been stolen. And then somebody saying, Hey, you need to give us money or else we will not give it back to you. It's definitely a bad, bad security breach. Speaker 1: 02:08 Are they saying why they're being so tight lipped about details? Speaker 2: 02:11 You know, they, they say that they're sharing info as they can. And as they are able to, if you go like on their Facebook, like there's a lot of people frustrated that they are responding back on social media saying, Hey, call this number. They're giving them a one 800 number to call it, you know, to help reschedule appointments. Um, and I'm, you know, talking to some patients sort of getting different varying results. You know, some people aren't even able to contact like their primary care doctors. Um, some people are April contact, their primary care doctors. Some people are having some success in, in the rescheduling, but others are not. So it seems really, really hit and miss. Speaker 1: 02:40 So what H w what's happening when say someone's in an accident who would ordinarily be taken to script's Memorial? I mean, what's the impact on emergency rooms, uh, even at U U C S D and sharp. Speaker 2: 02:52 Yeah. So last week we heard from both of those two healthcare giants, um, that they were seeing an increase in admissions to their emergency departments, a sharp healthcare officials saying that's because script's health is on bypass in their emergency departments really, um, that, uh, you know, showing how deep this hack is going here. Now, scripts officials and County health officials would not confirm that the script's hospitals were on bypass in the emergency departments. Even though we heard, we are hearing that from some of the other healthcare organizations and County officials last week, we're describing it as a very, you know, developing situation. Speaker 1: 03:23 Uh, a few agencies have been called in to investigate this, who are they? And what exactly are they trying to figure out at this point? Speaker 2: 03:29 Right? So we, we know that the FBI is aware and they won't comment as of last week in terms of specifics on the investigation. But they do say that, you know, regularly when these sort of attacks happen, uh, that they give advice to the private sector, um, before and after. So, uh, we don't know a ton about locally, but we do know that federal officials are definitely looking into this. Speaker 1: 03:47 And Matt, it appears from what facts have sort of dribbled out so far that Scripps is not paying a ransom or providing whatever the attackers want as you've mentioned, but they are instead trying to restore their systems. How big of a task would that be? I mean, have they first even been able to assess the extent to which systems have been hacked, Speaker 2: 04:05 You know, talking to a cybersecurity expert, Jay, it's a very, very large task. I mean, basically he would say they have to go machine by machine, um, and sort of clear out the malware, make sure that there's no malware on the computer. Um, because in terms of, you know, we know that they first discovered this, you know, more than a week ago over the weekend. Um, but this, this could have been going on for, for weeks, months, years in terms of, uh, these, these hackers and these attackers, you know, slowly collecting data, uh, slowly, uh, attacking the system here. So this could be a process of weeks months, or it could be resolved fairly quickly Speaker 1: 04:37 Are hacks of health systems and hospitals common. Speaker 2: 04:40 I don't know if the word is common, but they are happening more and more. And we see them in these sort of ransomware scenarios where they're taking some very, very important data. And if these hospital systems don't have good backups, then they may have to pay it. Speaker 1: 04:53 And what about the California department of public health? What kind of role are they taking? Speaker 2: 04:57 Yeah, they say that they are closely monitoring the situation and basically, you know, they're monitoring the whole critical care delivery system here. You know, especially if those emergency departments are diverting patients, they say that they can step in if they need to, you know, and sort of, you know, be boots on the ground. Um, but they said that they don't need to do that yet. Speaker 1: 05:14 I've been speaking with KPBS health reporter, Matt Hoffman, Matt. Thank you very much. Thanks, Jared.