Scripps Health has restored access to patient medical histories, and expects to have its electronic health records later back this week, almost a month after it was first hit by a ransomware attack.
In a letter to patients Monday, CEO and President Chris Van Gorder acknowledged patient frustrations that the San Diego-based health system wasn't communicating enough. But he said they haven't been as transparent because sharing more details has put Scripps at increased risk of more attacks.
"This is not hypothetical; other attacks are already using what is being reported in the media to send scam communications to our organization," Van Gorder wrote, also confirming that the cyberattack was in fact via ransomware.
To contain the malware, Scripps took a portion of its network offline, disrupting access to the health system's email servers, patient portal and other applications. Patients took to forums like Facebook and Reddit to voice their frustrations with getting through to the system to confirm surgeries, and in some cases, had to delay care as a result.
One of those patients was 63-year-old Allison Gerber Weisman, who's been a Scripps patient for over five years. Shortly after the May 1 attack, her breast biopsy appointment was cancelled, and she was initially unable to reschedule.
"The lack of communication with their patients was the worst part," Weisman said at the time. "Cyber-attacks happen, but problem is when they don't communicate with their patients as to what's going on."
Weisman, after posting multiple times on Facebook, said she received a call from a Scripps patient care representative who fast tracked her appointment rescheduling request, and she was able to obtain her biopsy. She said the stress of potentially receiving a breast cancer diagnosis, topped with navigating a downed system that had no end point in sight, was a lot of manage.
"We know that this incident has been a hardship for our patients, employees and our physicians, and we are truly sorry," Van Gorder wrote.
Patients should be able to log in to their MyScripps health portal also later this week. Scripps is also working with federal law enforcement and their own IT teams are working around the clock.
Health systems around the country are increasingly under attack by hackers, in part because there are a lot of employees who access IT systems remotely, and system security has historically taken a back burner to other priorities.