No signs of relief in Scripps ransomware shutdown

A ransomware attack continued to plague Scripps Health Monday, creating confusion for patients and their families, especially those who were scheduled for appointments this week.

After fighting to regain control of its systems since the incident occurred on Saturday, Scripps said early Monday afternoon that it still had not resolved the technical terrorism that put its patient records, scheduling and other critical systems offline, forcing medical personnel in hospitals and other facilities to revert to paper for the time being.

No specific timeline for when things might be back to some semblance of normal was offered.

Scripps has not yet confirmed that ransomware — malicious software that is capable of holding digital assets hostage under a demand for cash — caused the outage. However, The San Diego Union-Tribune obtained an internal memo that implicates that particular attack vector which also, apparently, affected Scripps’ backup servers in Arizona.

Internet forums were filled with Scripps patients seeking more information on when they might be able to learn more about what would happen with existing appointments made before the weekend.

Noah Tyler of Carlsbad said he was scheduled for an esophageal diagnostic procedure and was to receive the location of the appointment over the weekend through Scripps’ electronic patient portal. But access to that scheduling system flatlined after the attack, and calls to Scripps’ after-hours help line Sunday made it clear that no one had access to the scheduling system.

“They couldn’t even look up basic information. They were obviously flabbergasted,” he said.

Finally, about 45 minutes before his appointment was to begin on Monday, he said, he received a call from Scripps indicating that all imaging and appointments involving X-rays were being cancelled.

“I’m not really sure how they managed to know that I had an appointment scheduled, because they didn’t yesterday,” Tyler said. “It’s just surprising to me how much of their system has been totally affected without the ability to fall back on something.”

The attack forced the health system’s four main hospitals to switch to paper records for their existing patients even as serious emergencies, including trauma, heart attacks and strokes, were diverted to other hospitals.

Bryan Wilson and his wife, Alexa, arrived in labor at Scripps Memorial Hospital Encinitas Sunday morning and noticed that, while “nobody was in panic mode,” none of the computers in the facility’s emergency department appeared to be turned on, except for one that displayed a clear error message.

Nobody mentioned the possibility of a ransomware attack, Wilson said, until he spotted a mention on news-focused social media site Reddit.

With the hospital’s network down, electronic vital sign monitoring was not functional, and a nurse was assigned to record the information manually.

Overall, Wilson said, the experience went smoothly with the couple’s daughter, Liliana, born at about 5 a.m.

Though the hospital’s food ordering system was still down as of Monday morning, generic rather than custom meals were delivered a little late.

“Other than that, the delivery went great,” he said in an email.

Quentin Clark of Mt. Helix said his experience was similar. He said his mother, Ruth, was admitted to Scripps Memorial Hospital La Jolla for monitoring Friday after experiencing dizziness and other heart-related symptoms.

A procedure was about to get underway when the outage happened Saturday, taking away access to patient records just when they were needed. Unfortunately, the record of Ruth’s negative COVID-19 test was part of her digital patient record, meaning it was unavailable. She had to undergo a second test, the kind that requires a deep nasal swab.

Otherwise, though, Clark said the procedure went smoothly.

Though the hospital’s digital network remained offline, the medical team, he said, was still able to get diagnostic images of the head to ensure that there was no bleeding.

The experience, he said, emphasized that while technology is pervasive, it’s the people that really count.

“I didn’t really notice a lot of drop in care at all,” he said. “I was really happy with the way that the staff was handling my mother’s situation.”

But it was clear, he added, that things were still locked up tight at Scripps on Monday. It was impossible to schedule a follow-up appointment with his mother’s doctor.

Scripps said in a statement early Monday afternoon that it is reaching out to patients with appointments scheduled in the next few days. Anyone unsure about their status can call (800) 727-4777.

The attack so pervasively affected operations that even coffee drinkers didn’t catch a break.

Monday morning, Scripps employees looking for a caffeine fix or a quick bite had to pay cash at the café outside Scripps Memorial Hospital La Jolla because the electronic system that usually allows them to pay by tapping an ID badge was also out of order.

A makeshift sign scribbled onto a notecard and placed behind the tip jar read “Payroll down,” followed by a sad face.

Earlier that morning, Scripps issued an announcement warning staff not to log into their computers, according to an imaging technician who requested to remain anonymous. Instead, staff are maintaining paper records, relying on so-called “downtime” procedures that the health system usually uses when it’s updating its electronic systems — and, even then, only briefly.

[Photo: A hand-written sign at Scripps Memorial Hospital La Jolla Monday, May 3, indicates cash-only purchases due to a ransomware attack. (Jonathan Wosen)]

The employee added that some of the patients she has spoken with already knew about the cyberattack from local news reports, while others were hearing about it for the first time. Of those who knew about the situation, some received phone calls from Scripps letting them know they could still come in for their appointment.

“Some appointments we’re able to keep, and some we had to cancel,” she said. “But they’re doing their best.”

Staff writer Jonathan Wosen contributed to this report.