Alex - stock.adobe.com
Healthcare Ransomware Outages: Scripps, Ireland HSE, and NZ Hospitals
In the last few weeks, ransomware attacks on the healthcare sector have led to system outages and EHR downtime at Scripps Health, New Zealand hospitals, and Ireland's health system.
Healthcare remains a key target for ransomware hacking groups, as seen in recent research data and multiple hospital system outages. Scripps Health is continuing recovery efforts two weeks after an attack, while Ireland’s health system and multiple New Zealand hospitals are currently operating under EHR downtime procedures.
In light of the continued targeting in healthcare, covered entities and relevant business associations should review ransomware mitigation, tech, and mediation guidance provided by NIST, Microsoft, and the Office for Civil Rights.
Scripps Health Attack
On May 1, a ransomware incident drove San Diego-based Scripps Health into EHR downtime procedures. In the days that followed, critical care patients were diverted to nearby hospitals, while its patient portal, website, and systems were taken offline.
The ransomware impacted the health system’s servers, disrupting care and services at two of the four main Scripps hospitals and its backup servers based in Arizona. Telemetry data went down at the majority of care sites, as well as medical imaging access.
Some scheduled appointments were also postponed after the cyberattack. Providers and clinicians have been continuing to operate using paper records, as the security team works to recover with assistance from law enforcement and the California Department of Health.
The latest update shows the health system is still experiencing system outages more than two weeks after the attack. A May 15 memo sent to patients confirms the attack as malware, and officials said the security team is working around the clock to restore the impacted systems.
However, officials were unable to detail how long those recovery efforts would take.
In response, the health system has partnered with LabCorp and Quest Diagnostics to provide patients with lab services to maintain care services during the outage. All care sites, including urgent care centers, clinics, emergency departments, affiliated providers, and the four hospitals are continuing to provide care at this time.
But patients should expect to see clinicians and providers using paper records and backup workflows. For now, providers only have view-only access to patient records and medical histories.
At the time of publication, Scripps’ website remains down.
The attack bears similarities to the massive outages faced at the University of Vermont Health Network and Universal Health Services during the initial ransomware wave in the fall. Those attacks caused weeks of outages and millions of dollars in lost revenue and recovery efforts.
‘Significant Ransomware Attack’ on Ireland HSE
The Health Service Executive of Ireland, the country’s public health and social services provider, announced on May 14 that it was currently experiencing a major ransomware attack. Staff were urged to leave devices offline and to switch off the devices from the network.
The attack has caused major IT issues across the Ireland East Hospital Group. The majority of patient appointments have been continuing as scheduled, but patients are being told to expect some delays and to check before visiting care sites, as providers may not have access to their data.
The emergency care services remain open, but officials warned that they’re extremely busy. As such, patients have been asked to consider their care options and “only attend the emergency department in an emergency.” Non-urgent patients were told to expect long delays.
However, some of the country’s hospitals were forced to cancel all outpatient appointments.
From the vast number of updates, it appears the radiology and medical imaging departments across all care sites have been the most affected by the security incident. Appointments for these departments have been cancelled.
The health system is working closely with government partners and the private sector to contain and remediate the attack. Ireland’s National Cyber Security Centre is supporting the health system and attributed the attack to Conti threat actors.
The unscrupulous group has notoriously targeted the healthcare sector, even amid the US national emergency in response to COVID-19. In the last year, the Conti hackers have dumped troves of healthcare data from multiple US providers and specialists.
“The NCSC is also continuing to monitor other networks to address the risk of further attacks,” officials explained. “The HSE have limited networks connectivity to other healthcare providers as a precautionary measure. There are serious impacts to health operations and some non-emergency procedures are being postponed as hospitals implement their business continuity plans.”
“The national vaccination program is not affected,” they continued.
The response and communication demonstrated by the HSE should be noted by US healthcare providers. In a rare move, the health system has been incredibly active on Twitter, providing its patients at least one daily update. In some instances, officials have given multiple updates in a day.
As noted previously to HealthITSecurity.com, communication and transparency are key after a ransomware attack. By keeping patients in the loop, providers can maintain business reputations and allow individuals to be on the alert to potential risks to their personal data.
Cyberattack Impacts Multiple New Zealand Hospitals
A ransomware attack crashed the phone lines and computers across multiple New Zealand hospitals in Waikato, Thames, Tokoroa, Te Kūiti and Taumarunui early this morning, May 18, according to local news outlet Stuff NZ.
Focused on its IT systems, all clinical systems and IT services, except email, have been disrupted by the attack. Officials said they’re postponing elective surgeries, as patient notes are inaccessible. Reports show the attack has caused chaos and turmoil at the impacted hospitals.
Providers are unable to send X-ray images between departments, and there is no computer access. Clinicians and other staff members are using pen and paper for all patient interactions.
The public has been urged not to visit the emergency departments, unless it’s a life-threatening incident. Those patients are being diverted to other care clinics in the area.
An outside cybersecurity firm and law enforcement are supporting the hospital’s recovery team with the investigation and response. Officials stressed that no ransom demands will be paid to the attackers, while system recovery is expected to take several days.
This story will be updated if more information becomes available.
Dig Deeper on Healthcare data breaches
-
DOJ Charges Trickbot, Conti Cybercriminals Known For Targeting Critical Infrastructure
-
FL Senator Urges FBI to Prioritize Tampa General Cyberattack Investigation
-
IL Hospital Reaches $380K Settlement to Resolve Lawsuit Over Healthcare Data Breach
-
CommonSpirit Health Faces Class Action Lawsuit in Wake of Healthcare Data Breach