Trending Topics

Calif. hospital continues diverting ambulances as cyberattack hits data systems

Authorities are investigating the cyberattack that demanded ransom from Tri-City Medical Center in Oceanside


File image of Kaiser Permanente’s Tri-City Medical Center in Oceanside, California. (The San Diego Union-Tribune/TNS)

By Paul Sisson
The San Diego Union-Tribune

OCAENSiDE, Calif. — A cyberattack continued to affect operations at Tri-City Medical Center more than 24 hours after it began Thursday morning.

In a short statement sent Friday afternoon, hospital management said that it has temporarily halted all elective medical procedures as it works “to restore our systems to full functionality,” after taking its information systems offline when suspicious network activity surfaced Thursday morning.

While the public hospital district on State Route 78 has continued to receive patients who arrive at its emergency department, the county emergency medical system continues to divert ambulance deliveries to other hospitals.

Tri-City said Friday afternoon that it is working with cybersecurity specialists and law enforcement to investigate the attack. It still has not said whether the cybercriminals responsible for infiltrating its data systems have demanded a ransom, which could have privacy implications for patients.

Tri-City said it took its information systems “offline” as soon as it detected suspicious activity on its data network Thursday morning.

Often, sophisticated attackers infiltrate a victim’s network clandestinely, downloading sensitive data before revealing themselves, encrypting computers and affecting operations. Victims can find themselves warned not to simply wipe their computers clean and restore from offline backups lest stolen files containing sensitive patient information be posted to publicly accessible sites on a shady corner of the Internet called the dark web.

[RELATED: Why cybersecurity is important for EMS leaders]

Tri-City also declined to say whether it has access to its electronic medical records system, which is central to treating patients. Other hospitals faced with similar attacks have lost records access, forcing front-line caregivers to return to paper record keeping.

“Our top priority remains the health and wellness of our patients, and we continue to serve patients,” Tri-City’s statement said.

While the public might wonder why the hospital isn’t saying more about its current situation, Chris Van Gorder, chief executive officer of Scripps Health, which got hit by a ransomware attack in 2021, said that communications are curtailed in the aftermath of an attack.

“Lawyers tell us to reduce risk in certain circumstances by saying less despite our desire to say more,” Van Gorder said.

Having been through an attack that caused millions in losses and generated a class action lawsuit from patients, the executive said that there needs to be a shift in thinking about these attacks, ones in which there is some assumption that they could have been prevented by tighter security.

“Hospitals are the victims in these circumstances, but our laws and regulations sometimes make them victims,” Van Gorder said. “Most information systems experts will tell you that protecting systems from a cyberattack is not 100 percent guaranteed. Otherwise, why would our government entities with unlimited resources get successfully attacked?

“This is a war against international terrorists.”

The executive said Scripps Memorial Hospital Encinitas has seen some increased emergency department traffic since the attack began. It was not clear whether Palomar Health, which operates two inland North County hospitals, had seen more significant increases in patient traffic.

©2023 The San Diego Union-Tribune.
Distributed by Tribune Content Agency, LLC.

EARLIER: Cyberattack forces Calif. hospital to divert ambulances