Tri-City Medical Center is diverting ambulance traffic to other hospitals Thursday as it copes with a cybersecurity attack that has forced it to declare “an internal disaster” as workers scramble to contain the damage and protect patient records.
The Oceanside facility’s management confirmed the situation in a brief statement, indicating that the hospital’s emergency department remains “prepared to manage emergency cases” that may arrive in private vehicles and is “working with our other health system partners to ensure the provision of health care for our community.”
Tri-City officials did not specify the exact nature of the attack, saying that the medical center “is experiencing a cybersecurity challenge at this time,” but not specifying the exact nature of the threat, except to say that it “is similar to situations that have impacted other health care providers across the country.”
As a recent federal cybersecurity bulletin attests, ransomware — malicious software that extorts payment while holding an organization’s digital infrastructure hostage — remains the most serious threat, with a version called “NoEscape” currently spreading in multiple business sectors.
Tri-City management declined to confirm that the threat was ransomware, though several people familiar with the situation who asked not to be identified said that it was the suspected culprit.
“We’re in the midst of a forensic analysis, and as soon as we have more information, we’ll share,” said Aaron Byzak, Tri-City’s chief strategy officer and spokesperson.
San Diego County health care providers are no strangers to severe cyber attacks. In 2021, a ransomware attack shut down much of the Scripps Health network, crippling electronic health care record access and forcing bedside workers to return to paper record keeping. Access to medical imaging was also severely impacted, and the organization’s subsequent financial statements indicated the month-long siege cost $113 million in lost revenue in addition to millions spent on settlements with affected patients.
In the summer of 2021, UC San Diego Health also disclosed that it suffered a data breach that resulted in the potential release of protected information, though the incursion did not affect day-to-day operations.
It was not clear Thursday morning just how much the Tri-City attack has impacted the delivery of health care to patients currently being cared for at the facility.
Calling the situation “fluid,” Tri-City said it appreciates the “community’s support and understanding,” and that its “priority is our patients safety, and protecting their private health information.”
