NBC 7 has learned the Scripps Health cyberattack -- and lack of answers -- is prolonging care for patients, including a much-needed surgery for a woman with a rare disease.
Two months ago, Jonaliza Monforte, 21, was diagnosed with moyamoya disease -- a rare condition that restricts blood flow to the brain because of narrowed vessels. It can put people at risk for a stroke.
“Nobody can really tell how fast my progression is,” Monforte said. “I was told that I’m needing the surgery soon.”
Monforte is a Scripps patient but needs surgery from a specialist at Stanford University.
Get top local stories in San Diego delivered to you every morning. Sign up for NBC San Diego's News Headlines newsletter.
But here’s the problem: Saturday’s cyberattack forced Scripps Health offline and Monforte said she can’t get her medical records and images sent to Stanford, which is prolonging her surgery.
She said she can’t get answers from Scripps when she calls.
“Every time I would call they would just tell me that their system is still down and to keep calling every day.”
Local
During business hours on Wednesday, a Scripps representative declined to comment further on the state of the attack and the damage it has caused, but someone was answering questions on the Scripps Facebook page.
“We are actively working to restore our systems as soon as it is safe. We are working with the top global experts in the field of cyber security as well as local and federal government. Systems will be restored as soon as possible,” Scripps posted via the app.
Scripps Health Statement Released Wednesday
Toward 5 p.m. Scripps Health sent out the following statement via what appeared to be an employee's persona Gmail account:
On May 1, Scripps Health began experiencing a network outage that resulted in a disruption to our IT systems at our hospitals and facilities. Upon discovering the outage, we immediately initiated an investigation and took steps to contain the outage, including by taking a significant portion of our network offline as a proactive security measure. An independent cybersecurity firm was engaged to assist in our investigation and restoration efforts. While the investigation is ongoing and in the early stages, we have determined that the outage was due to a security incident involving malware on our computer networks. Scripps technical teams are working 24/7 to restore our systems as quickly and safely as possible, and in a manner that prioritizes our ability to provide patient care.
While this incident has resulted in operational disruptions at our hospitals and facilities, our clinical staff is trained to provide care in these types of situations, and are committed to doing so. Scripps Health physicians, nurses and staff are implementing workarounds to mitigate any disruptions and provide uninterrupted care to our patients.
As a result of this incident, we need to reschedule some patients’ appointments and are reaching out to them to do so. Patients who have appointments scheduled during the next several days and are unsure about their status may call 1-800-SCRIPPS for more information.
Scripps Health Staffers Share Concerns
Two Scripps health care workers who asked to remain anonymous told NBC 7 earlier in the day that they’re concerned about patient care.
“It’s very frustrating,” one worker said. “We’re on the front lines with our patients and we’re being asked questions and we don’t have information to give them.”
Another works with cancer patients and said that treatments have been postponed.
It’s been five days with Scripps providing minimal information. It’s unclear how long the system will remain unavailable and how big the scope of this cyberattack is on patients’ health.
“I do understand that this thing is hard for them, but I just hope there was a backup for them to get a hold of some medical records, especially for other patients as well that are in a life-threatening situation,” Monforte said.
Many are also wondering what systems were in place to thwart an attack and how long it took to inform outside agencies that handle these types of attacks.
Several patients have been able to get surgeries. Others have had important appointments canceled.
San Diego County Comment on the Outage
Donnie Ryan, the communications officer for San Diego County's Public Safety Group, told NBC 7 the following regarding the hack at Scripps: "Requests for Emergency Medical Services (EMS) responses continue to be met in San Diego County while Scripps Health recovers from the cyberattack that occurred over the weekend. The emergency health care system in the county is less stressed now than it was during the heights of COVID, and the public should be reassured that emergency response needs are being met. We recommend contacting Scripps directly for the latest updates on the cyberattack."
Ryan also issued the following statement regarding ambulance services: "Ambulance-patient routing (for both paramedic and EMT ambulances) is being handled through the base hospital system, as usual. The system is designed to get the patient to the best location for care depending on location, type of injury and hospital capacity at that time."