As Scripps Health buckles under ransomware attack, CISA raises FiveHands alarm

Thank you for subscribing to the reader-sponsored edition of the twice-weekly Parallax View newsletter. If you are a legacy subscriber of The Parallax View, we are so grateful for your support over the past six years that we have gifted you a premium subscription. If you like our reporting, please share it! This project depends and thrives on your contributions.

If you're a new subscriber to our newsletter, welcome to The Parallax View. Thank you for your support! The free edition of The Parallax View lands in your inbox on Tuesdays and the reader-sponsored edition on Fridays. If you'd like to support us in other ways, please email seth@the-parallax.com.

The ransomware attack that shuttered Scripps Health hospitals and clinics in San Diego on May 1 continues to roil the health care system. The cyberattack is one of a scourge of ransomware attacks targeting the United States this year, including one on May 7 that forced administrators to shutter a major East Coast gasoline pipeline. The attacks have left the Biden administration and cybersecurity experts scrambling to restore services and protect existing infrastructure.

Scripps remains tight-lipped and refuses to publicly define the attack as one that stemmed from ransomware, though the health care organization informed the California Department of Public Health that the cyberattack used “ransomware” and that it is implementing “appropriate emergency protocols” in response, The San Diego Union-Tribune reported. The ransomware attack also affected Scripps’ backup servers in Arizona.

Scripps Health IT administrators intentionally disabled a “significant portion” of the computer network in order to contain the “malware” attack, Steve Carpowich, public-relations manager at Scripps Health, told The Parallax in a statement. Scripps’ four main hospitals are seeing patients, but they are still using paper records, and the Scripps website remains inaccessible.