Cyber Incident Victim: Scripps Health
Date:
May 2021
Location:
United States of America
Summary
A ransomware attack disrupted operations at Scripps Health, forcing the suspension of online patient portals and critical IT systems, leading to postponed appointments and diversion of stroke and heart attack patients to other facilities. The organization maintained emergency and urgent care services using paper records while restoring systems, with impacts including compromised medical imaging access and electronic monitoring at multiple hospitals. Law enforcement was engaged as the healthcare provider worked to resume normal operations amid significant service interruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around May 1, 2021, Scripps Health, a nonprofit healthcare provider based in San Diego, experienced a ransomware attack that disrupted its operations. The organization detected the intrusion late on Saturday, May 1, prompting an immediate suspension of user access to critical online portals and applications, including MyScripps and scripps.org, which connected to healthcare facilities. This action aimed to contain the attack’s spread and protect patient data. By Sunday, May 2, Scripps confirmed that IT systems remained offline but emphasized that patient care continued using established backup processes, such as paper records. Outpatient urgent care centers, Scripps HealthExpress locations, and Emergency Departments remained operational, though weekend and Monday appointments were postponed.
The attack significantly impacted clinical operations across multiple facilities. Internal memos revealed that ransomware compromised systems at two hospitals, disrupting access to medical imaging and electronic monitoring of patient vitals. As a result, Scripps hospitals in Encinitas, La Jolla, San Diego, and Chula Vista could not accept stroke or heart attack patients, diverting these cases to other hospitals. Critical IT applications stayed offline, forcing staff to rely on manual documentation methods. Scripps engaged law enforcement and government agencies while working to restore systems. The organization, which operates five hospitals, 19 outpatient facilities, and serves over 700,000 patients annually, faced operational challenges due to the attack’s scope. With quarterly revenues exceeding $790 million in 2020, the incident underscored the financial motivations behind such ransomware campaigns targeting large healthcare providers.