This Week Health

Don't forget to subscribe!

Is this a cautionary tale for the industry or a call to action?


Scripps Health's Epic EHR system and online patient portal were restored May 27, nearly four weeks after a ransomware attack knocked the San Diego-based health system's network offline, The San Diego-Union Tribune reported.

A Scripps nurse told the Tribune that the EHR returned to service at 4 a.m. on May 27. Scripps regained read-only access to Epic last week, which let staff look up past test results, clinician notes and other records created before the May 1 attack.

Scripps said it is unsure whether any patient data was affected by the incident and that it will notify any affected individuals if their data was exposed once the investigation ends.


They gained access, they likely had access over an extended period of time and they got to the crown jewels, the EHR. The security posture was not what they thought it was, architecture was not as well thought out as we needed it to be, and the resilience of technology platforms was easily compromised. 4 weeks is not on anyones RTO - Recovery Time Objective.

What did we learn? How are we talking about this around healthcare?

#healthcare #healthIT #cio #ciso #chime #himss #cybersecurity


This transcription is provided by artificial intelligence. We believe in technology but understand that even the most intelligent robots can sometimes get speech recognition wrong.

  Today in Health it, this story is Scripts EHR back online four weeks after ransomware attack. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of this week in Health IT a channel dedicated to keeping health IT staff current. And engaged VMware was the first sponsor of this week in Health it, and now they are the first sponsor of Today in Health it.

They have committed to our mission of providing relevant content to health IT professionals. Since the start. They recently completed an executive study with MIT on the top Healthcare trends, shaping it, resilience. Covering how the pandemic drove unique transformation in healthcare. This is just one of many resources they have for healthcare professionals.

For this and several other great content pieces, check out All right. I did a lot of reading over this Memorial Day weekend and my gosh, I've got like 20 stories teed up to talk about, but this one is probably the most relevant for us in health it, and that is Scripps EHR, back online nearly four weeks after ransomware attack.

I chose to go with the Becker's story 'cause it is the most succinct and I just wanna share the notes on it and then really go into the so what in a lot more detail. So here's the excerpts from the story. Scripps Health, epic EHR System and Online Patient portal were restored May 27th, nearly four weeks after ransomware attack, knocked the San Diego based health systems network offline according to the San Diego Union Tribune, Scripps President and CEO, Chris Van Gorder.

penned a letter to patients May 24th, updating them on the situation, but wrote that scripts is limited in the amount of information it can share with patients since it could put the system at an increased risk of coming under further attack and of not being able to restore its system safely and as quickly as possible.

In an update, Mr. Van Gorder confirmed that the May 1st cyber attack involved ransomware and he told patients that scripts. Would have its EHR back online this week. The health system restored its website, May 20th. A Scripps nurse told the Tribune that the EHR returned to service at 4:00 AM on May 27th.

Scripts were gained. Read only access to Epic last week, which let staff look up test results, clinician notes, and other records created before May 1st attack. Scripps said it is unsure whether any patient data was affected by the incident and that it will notify any affected individuals if the data was exposed once the investigation ends.

All right, here's my so what on this? This is a significant event in healthcare and I think we're gonna . Be talking about this for years to come as one of the first major health systems, large major health systems, to be attacked by ransomware and really taken offline for the better part of a month. A ransomware attack is different than a breach in several ways.

A breach is like a robbery. They come into your home, they take your stuff, and then they leave. You feel violated, unsafe, and unsure of yourself. Anyone who's ever been robbed understands what I'm talking about. Ransomware is more like an armed robbery. They rob you while holding a gun to your head. This comes with a different level of emotional trauma and subsequent second guessing of the things that you've put in place.

Life at Scripps right now is beyond difficult for everyone, and especially for the people associated with the technology systems. There will be second guessing, a strong inclination to place blame somewhere and a loss of confidence in any progress that was made. With regard to the use of technology at Scripps, this has to be combated and confidence restored as quickly as possible while still learning the lessons that this incident provides.

What did we learn? They gained access. They likely had access over an extended period of time, and they got to the crown jewels of the health system, which is the EHR. Our security posture was not what we thought it was. Our architecture was not as well thought out as we needed it to be, and the resilience of our technology platform was easily compromised.

Four weeks is not on anyone's RTO, which is a recovery time objective, and we don't know what the RPO, the recovery point objective really was. How much data did we actually lose? Did they restore to a system a couple months ago or a couple minutes before the breach? We have no idea at this point. There's a couple of potential responses to this breach.

You could stay quiet and inward focused, or you can go public. One is strong, the other is fairly weak. I'm not really talking about right now, but after the analysis has been done and the lessons learned and have been accumulated, how are we gonna treat this situation? Are we gonna treat it? Like if we don't talk about it, people will soon forget or they will focus on the next organization.

That's it Comes to a ransomware attack. Or our breach is a time for us to step up and out in leadership. We'll become a leader in cybersecurity and response. Our experience will be a platform to solidify our commitment to cybersecurity as a culture. Cement a culture that is committed to safety first in the clinical setting and technology setting, and establish scripts as an organization that had an incident, which proved to be a catalyst for change.

There's gonna be forces for sure that push against this. The FBI will be one that will want the information to be held as close to the vest as possible for as long as possible. Your internal legal team will want to limit exposure by not saying anything of substance to the public. Heck, even PR and marketing may want this to fade from memory.

I'm not arguing that they are wrong for a period of time. Speaking educates attackers as well as the industry going public is gonna give those who are planning class action lawsuits information they need to make the case. PR and marketing aren't wrong either. Some events you want people in the community to forget, but if you stay quiet and take a nothing to see, hear approach, you're gonna miss an opportunity for leadership.

My recommendation to Scripps leadership is to go public. Go as public as you possibly can, as quickly as you possibly can. Share your experience and your findings with the world. Shine a light into the crevices of your system and share them with an industry that is loaded with crevices. Let this incident act as a rallying point for scripts to become a leader.

Let this moment of weakness become a starting point for a new strength for scripts. That's all for today. If you know of someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week,, or wherever you listen to podcast Apple, Google Overcast, Spotify, Stitcher.

You get the picture. We are everywhere. We wanna thank our channel sponsors who are investing in our mission to develop the next generation of health leaders, VMware Hillrom, Starbridge Advisors, McAfee and Aruba Networks. Thanks for listening. That's all for now.

Thank You to Our Show Sponsors

Our Shows

Today In Health IT with Bill Russell

Related Content

1 2 3 267
Transform Healthcare - One Connection at a Time

© Copyright 2024 Health Lyrics All rights reserved