Advertisement
Share

Scripps website back up, patient portal still down

View of Scripps Memorial Hospital in Hillcrest.
(Sandy Huffaker/For The San Diego Union-Tribune)

Investigation into what data, if any, was potentially affected remains ongoing

Nearly three weeks into a ransomware attack, Scripps Health announced that its main website, scripps.org, is back up and running. My Scripps, the digital portal that patients use for everything from making appointments to communicating with doctors, was still returning an error message as of Thursday, May 20.

One of the most important questions on patients’ minds since the attack occurred on May 1 is whetherpatient data stored in Scripps’ electronic medical record has been downloaded from servers and is at risk of disclosure or sale in the darker corners of the Internet.

A check Thursday, May 20, of sites that hacker gangs use to publish stolen data did not show anything from San Diego’s second-largest medical provider. It appears, despite 19 days of continuous investigation, that Scripps still doesn’t know to what extent highly sensitive records left its custody.

In a “frequently-asked questions” list posted at scripps.org, under the heading “has my data been compromised?” Scripps says: “The investigation into the scope of the incident, including whether data was potentially affected, remains ongoing. Depending on the investigation’s findings, we will be sure to provide notifications to affected individuals in accordance with all applicable laws.”

It appeared that Scripps medical personnel recently regained some limited access to electronic health records. Citing a leaked internal memorandum, NBC 7 San Diego reported Wednesday, May 19, that Scripps medical staff are now able to view patient information that existed prior to May 1 when the attack forced all to switch to documenting care in paper charts.

A patient who said they have been admitted at a Scripps hospital for the past three and a half weeks but preferred to keep their name anonymous, reported that their medical personnel, while still documenting current care on paper, are now able to see patient history, including previous lab results, entered into the electronic record prior to May 1.

Still, the patient added, there is plenty of technology that remains offline, including in-room monitors, Wi-Fi, and internal phones used by patients to order food from the cafeteria.

“All the screens I’ve seen from my once-a-day walk show a million error boxes in a row, and those computers don’t have much value at the moment,” the patient said.

A Scripps spokesperson declined Thursday, May 20, to say whether electronic health records are now fully or partially restored.

It appeared over the weekend that Scripps struggled with some of its most basic electronic systems, including the telemetry network that allows nurses to view real-time data from vital sign monitors on computer workstations at nursing stations. A patient at one local Scripps hospital said a private security company installed closed-circuit video cameras on vital sign monitor displays in patient rooms to send video feeds back to nursing stations because the systems were still unable to directly transmit their information.

— Paul Sisson is a reporter for The San Diego Union-Tribune


Advertisement