Cyber Incident Victim: Tri-City Medical Center
Date: Nov 2023
Location: United States of America
Summary
A cyber attack disrupted operations at Tri-City Medical Center, forcing systems offline and prompting an internal disaster declaration. The hospital diverted ambulance deliveries, canceled elective procedures, and maintained limited emergency services while engaging third-party cybersecurity specialists and law enforcement. Nearby healthcare facilities experienced increased patient volume due to the operational constraints. The incident investigation remains ongoing, with no confirmation of data compromise or ransom demands, though external law firms are exploring potential breaches. Recovery efforts continue as staff prioritize patient safety and system restoration, mirroring prolonged timelines observed in similar healthcare cyber incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The cyber incident impacting Tri-City Medical Center in Oceanside began on November 9, 2023, when the hospital detected unauthorized activity on its computer network. Management immediately took systems offline to contain the threat, initiating an emergency response that included engaging third-party cybersecurity specialists to investigate the breach, restore operations, and implement preventive measures. The hospital declared an "internal disaster" status, diverting ambulance deliveries from its emergency department and canceling all elective procedures to prioritize critical patient care. Emergency services remained operational for community members requiring urgent medical attention. Tri-City coordinated with San Diego County authorities, local first responders, and neighboring healthcare facilities like Palomar Health to manage patient overflow and maintain regional healthcare capacity.

By November 13, four days after the attack, full system restoration remained incomplete, forcing continued diversion of ambulances and postponement of non-emergency procedures. Palomar Medical Center in Escondido reported a surge in ambulance arrivals, increasing from 60-65 daily to approximately 90, reflecting the operational strain on adjacent providers. Tri-City did not disclose whether ransomware demands were made or if patient data was exfiltrated, though two class action law firms announced investigations into potential compromises of protected health information. The hospital maintained collaboration with law enforcement and cybersecurity consultants throughout the response, referencing Scripps Health’s 2021 month-long recovery as a benchmark for complex system validation. No estimated restoration timeline or technical specifics about the attack vector were provided in public updates.
