It's been five days since Tri-City Medical Center was hit by a ransomware attack that shut down most of the hospital's emergency services.
The hospital said it learned about unauthorized activity on its computer network and had to shut down equipment to slow any malware spread. Tri-City placed itself on an Internal Disaster Diversion with San Diego County's Office of Emergency Services, county officials confirmed.
"This means the hospital cannot accept any patients through the 911 system because of a critical disruption of the ability to provide medical services," the county told NBC 7 after the attack.
NBC 7 reached out to Tri-City Tuesday morning to see if its emergency services were still impacted but the hospital has yet to respond.
Get top local stories in San Diego delivered to you every morning. >Sign up for NBC San Diego's News Headlines newsletter.
Nikolas Behar, a University of San Diego cyber security professor, said Scripps Health, UC San Diego Health, Sharp and now Tri-City have all been targeted by some sort of cyber attack in recent years. A county source confirmed the attack was ransomware, which Behar said is typical.
“Once they encrypt the data, they will ask for a certain amount of money, usually in cryptocurrency, in order to unlock the data,” he said. “And then to top it off, usually what will happen after that is they'll commit double extortion. And so they say, ‘OK, now you've paid us to decrypt the data. Now you have to pay us again to not leak the data,'" Behar said.
Hospitals, unlike other businesses, have a higher standard to safeguard sensitive information, according to Behar. At the same time, hospitals are more vulnerable because of their equipment. Things like heart monitors and IV pumps run on older software systems that make the hospital more liable for attacks.
Local
Most hackers are in Eastern Europe. Behar said there’s an advantage to doing this abroad.
“When they operate out of Eastern Europe, oftentimes Russia, the government turns a blind eye to these types of crimes,” he said “A lot of times what'll happen is these actors are living a double life. So, during their working hours, during the daytime, sometimes they'll work as intelligence agents for that government, and then they'll moonlight as a hacker, hacking into foreign organizations and making money that way on the side.”
For Tri-City patients or any impacted by future cyber attacks, Behar suggests keeping a close eye on your credit and consider freezing it for the time being.
Also, practice what he calls “cyber hygiene” which means enabling multifactor authentication and using strong passwords whenever possible.
Behar advises either Tri-City or an insurance company will likely offer patients identity protection. It's important that patients read the fine print very carefully, because if somebody accepts that service, they may waive their right to sue the hospital.