
Cyberattack Forces San Diego Hospital to Divert Patients

Tri-City Medical Center Is Latest Regional Entity Facing Disruption to Patient Care

A San Diego public hospital is diverting ambulances and patients to other facilities as it deals with a cyberattack detected early Thursday. The medical center is the latest among a growing roster of regional healthcare providers forced to suddenly shift patients to neighboring entities due to a cybersecurity crisis.


Tri-City Medical Center is an acute care public hospital with 144 beds serving the communities of Carlsbad, Oceanside and Vista in San Diego County.

Local media reported on Thursday that the medical center had been dealing with a cyberattack since at least the early morning hours, putting itself on an Internal Disaster Diversion with San Diego County's Office of Emergency Services, which redirects ambulances to other area hospitals.

"We're in the midst of a forensic analysis, and as soon as we have more information, we'll share," said Aaron Byzak, Tri-City's chief strategy officer and spokesperson, in a statement to NBC San Diego.

Tri-City Medical Center did not immediately respond to Information Security Media Group's request for comment and details pertaining to the incident.

A worker in the hospital's emergency room on Friday told ISMG that IT systems were down and that patients not being transported by ambulance were being accepted into the ER only on a case-by-case basis.

Growing Worries

The attack on Tri-City Medical is among a rash of similarly disruptive ransomware and other cyber incidents that have been relentlessly hitting healthcare sector entities, including regional hospitals, in recent years, months and weeks.

That includes an October ransomware attack on five hospitals in Ontario, Canada, and their shared IT services provider, which has been disrupting patient care at the facilities for several weeks and for which recovery work is expected to last into mid-December (see: Ontario Hospitals Expect Monthlong Ransomware Recovery).

The Canadian hospitals have been directing many patients, including some cancer patients who need radiology treatment, to seek medical care elsewhere (see: 5 Ontario Hospitals Still Reeling From Ransomware Attack).

A study released in January by the Ponemon Institute surveying 579 healthcare technology and security leaders says that patient care diversions due to ransomware are on the rise.

The survey found that of respondents who reported their entities had experienced a ransomware attack in the last year, 70% said their organizations had to transfer or divert patients to other facilities, up from 65% the year before.

'Spillover Effect'

Joshua Corman, founder of security and safety advocacy group I Am the Cavalry, told ISMG that serious and potentially deadly patient safety issues involving hospital cyberattacks extend much further than the entity that is hit with the attack.

"We know that there's a spillover effect - the patient overflow to the other hospitals in a region drives up their wait times in their admission rates," said Corman, who served as chief strategist at CISA on the agency's COVID Task Force during the height of the pandemic.

Those extended waits for medical care can contribute to poor outcomes for some patients, especially those that have had strokes and other time-sensitive conditions, he said.

The fallout can be longer-term for organizations, especially when a hospital that is already struggling financially is pushed over the edge by an attack that results in prolonged outages and business disruptions from which the hospital cannot recover.

In recent months, some smaller hospitals have permanently closed their doors due in large part to the financial devastation wreaked by an attack, he said.

"The financial cost directly from the attack and the lack of income during their denial of patient care put them out for good," Corman said.

The impact of cyberattacks on smaller regional healthcare providers can be devastating. In June, a rural Illinois medical system, St. Margaret's Health, shut down permanently partly due to fallout from a 2021 ransomware incident (see: Rural Healthcare Provider Closing Due in Part to Attack Woes).

Such closures put more burden on the other remaining regional hospitals and providers, and in some cases they leave communities, especially in rural areas, without a nearby medical facility for patients, Corman said.

The financial strain of cyberattacks on hospitals can also create uncertainties regarding how affected entities move forward post-incident.

An August cyberattack on Prospect Medical, a national hospital chain, exacerbated financial woes at three of its Connecticut hospitals that provide care in underserved areas of the state. It has put in jeopardy a planned sale of those hospitals to another regional healthcare system, Yale New Haven Health (see: Some Prospect Medical Hospitals in Dire State, Post-Attack).

Back in California, just two weeks ago, the Tri-City Healthcare District announced that UC San Diego Health had been chosen to partner with Tri-City Medical Center. Under the Joint Powers Agreement, UC San Diego Health is expected next year to assume rights and title to the Tri-City district-owned assets, as well as day-to-day responsibility for the operation of health care services.

"Through investments intended to modernize facilities and technologies designed around the future of care delivery, UC San Diego Health expects to partner with Tri-City to enhance its clinical quality and patient experience as well as its cybersecurity infrastructure," said Christopher Longhurst, chief medical officer and chief digital officer at UC San Diego Health, in an Oct. 27 statement about the partnership - prior to the attack on Tri-City.

"This will be achieved, in part, by restarting or introducing critical medical and surgical services while simultaneously upgrading and protecting its technology infrastructure and information systems," Longhurst said.

UC San Diego Health did not immediately respond to ISMG's request for comment on the Tri-City Medical Center cyberattack and any potential effect the incident has had on the university healthcare system's plans moving forward for Tri-City.

But persistent attacks on healthcare sector entities can put any organization on a hacker's list of targets.

UC San Diego Health in 2021 reported a massive hacking breach involving a phishing attack and affecting about 496,000 individuals, which resulted in several lawsuits against the entity (see: Lawsuits: Negligence Led to UC San Diego Health Incident).

"A lot of the security community believes we should look at how hospitals have been hit in the past - 'how we're being beat' is the phrase they like to use - and adjust their system of protective controls reactively to fight the last war," Corman said.

About the Author

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.
