SA国际传媒

SA国际传媒

Cyberattack forces Calif. hospital to divert ambulances

Tri-City Medical Center rerouted ambulances due to what officials called 鈥渁n internal disaster鈥

TriCityMedicalCenter.jpg

Tri-City Medical Center/Facebook

By Paul Sisson
The San Diego Union-Tribune

OCEANSIDE, Calif. 鈥 Tri-City Medical Center is diverting ambulance traffic to other hospitals Thursday as it copes with a cybersecurity attack that has forced it to declare 鈥渁n internal disaster鈥 as workers scramble to contain the damage and protect patient records.

The Oceanside facility鈥檚 management confirmed the situation in a brief statement, indicating that the hospital鈥檚 emergency department remains 鈥減repared to manage emergency cases鈥 that may arrive in private vehicles and is 鈥渨orking with our other health system partners to ensure the provision of health care for our community.鈥

Tri-City officials did not specify the exact nature of the attack, saying that the medical center 鈥渋s experiencing a cybersecurity challenge at this time,鈥 but not specifying the exact nature of the threat, except to say that it 鈥渋s similar to situations that have impacted other health care providers across the country.鈥

As a recent federal cybersecurity bulletin , ransomware 鈥 malicious software that extorts payment while holding an organization鈥檚 digital infrastructure hostage 鈥 remains the most serious threat, with a version called 鈥淣oEscape鈥 currently spreading in multiple business sectors.

Tri-City management declined to confirm that the threat was ransomware, though several people familiar with the situation who asked not to be identified said that it was the suspected culprit.

鈥淲e鈥檙e in the midst of a forensic analysis, and as soon as we have more information, we鈥檒l share,鈥 said Aaron Byzak, Tri-City鈥檚 chief strategy officer and spokesperson.

The public district hospital, which has served the Oceanside, Carlsbad and Vista area of North County since 1961, had 144 staffed beds in its most recent quarterly disclosure to the state. The attack comes at a particularly inopportune moment as the independent medical provider conducts due diligence with UC San Diego Health, which Tri-City selected to run its operations under a joint powers agreement.

Health care organizations are increasingly targets of digital mayhem with the U.S. Office of Information Security that data breaches 鈥渉ave doubled in three years.鈥 A report summarizing activity worldwide found that the average ransom demand 鈥済rew by 45 percent from 2020 to 2021 when it was $247,000.鈥 The largest ransom in 2020, the government report said, was $30 million, with that figure jumping to $70 million in 2021.

A of ransomware attacks published in late 2022 by researchers in Minnesota and Florida documented 374 ransomware attacks against health care delivery organizations from 2016 through 2021, finding that the personal health care information of more than 42 million Americans was exposed and nearly half 鈥渄isrupted the delivery of health care, with common disruptions including electronic system downtime, cancellations of scheduled care and ambulance diversion.

Health care providers are currently going through similar struggles in Southwest Ontario Canada where attackers 鈥渟tole millions of files containing staff and patient data, and locked the hospitals out of their own systems,鈥 according to a recent news .

Brett Callow, a threat analyst for for Emisoft, a company that makes software that protects against cyberattacks, said Thursday that the most common scenario when a hospital is attacked is 鈥渄ata being stolen from the (organization鈥檚) computers prior to them being locked.鈥

鈥淭hese incidents don鈥檛 only affect the hospital that鈥檚 under attack, they affect adjacent hospitals too as they have to take additional patients and, of course, many hospitals are already stretched close to the breaking point,鈥 Callow said in an email. 鈥淭he biggest concern is obviously the impact of patients.鈥

San Diego County health care providers are no strangers to severe cyberattacks. In 2021, a ransomware shut down much of the Scripps Health network, crippling electronic health care record access and forcing bedside workers to return to paper record keeping. Access to medical imaging was also severely impacted, and the organization鈥檚 subsequent financial statements indicated the monthlong siege cost $113 million in lost revenue in addition to millions spent on settlements with affected patients.

In the summer of 2021, UC San Diego Health also that it suffered a data breach that resulted in the potential release of protected information, though the incursion did not affect day-to-day operations.

It was not clear Thursday morning just how much the Tri-City attack has impacted the delivery of health care to patients currently being cared for at the facility.

Calling the situation 鈥渇luid,鈥 Tri-City said it appreciates the 鈥渃ommunity鈥檚 support and understanding,鈥 and that its 鈥減riority is our patients鈥 safety, and protecting their private health information.鈥

漏2023 The San Diego Union-Tribune.
Visit .
Distributed by

RELATED: