Scripps Health has restarted its online operations following a ransomware attack that left it offline for nearly four weeks.

More than 147,000 patients, staff and physicians may have had their personal and financial information compromised, the health care group confirmed Tuesday, according to NBC 7 in San Diego.

“I can tell you that we are incrementally bringing our systems back up,” company spokesperson Stephen Carpowich told HCB News.

Discovered in early May, the attack led the healthcare system to suspend access to its patient portals, email servers and other healthcare-related technology applications. The healthcare system resorted to using downtime protocols and backup processes, including offline documentation methods to continue patient care, after finding its IT systems were damaged by the malware, reported NBC 7 in San Diego, where the healthcare system is based.

Its main digital record systems were reported to be up and running last Thursday, according to The San Diego Union-Tribune. This included its patient portal for scheduling appointments, communicating and accessing personal health information, with Scripps experiencing a higher number of phone calls and MyScripps requests.

A Scripps nurse, who was listed as anonymous for fear of discipline, told The Tribune that the hospital’s EPIC health records system was started back up at 4 a.m. that day. This access, however, was read-only. In addition, restoring the vast number of employee terminals to allow frontline workers to digitally report the care they provide and create new records took longer, though this functionality was reported to have been restored last Thursday.

“We still do not know what was taken or what we need to do to ensure our own personal data is secure,” said the nurse.

An investigation into the matter found that the attackers gained access to the network in late April and deployed malware throughout May to exfiltrate copies of data. Some of the documents contained names, addresses, dates of birth, health insurance information, medical record numbers, patient account numbers, and/or clinical information. A smaller number had their social security numbers and drivers’ license numbers stolen.

Scripps CEO Chris Van Gorder said in a letter to patients a few days beforehand that he expected service to return later that week.

“Importantly, this incident did not result in unauthorized access to Scripps’ electronic medical record application, Epic. However, health information and personal financial information was acquired through other documents stored on our network,” said the healthcare system in a statement. It added that “as the investigation is ongoing, we do not yet know the content of the remainder of documents we believe are involved, though we are working with third party experts to determine those facts as quickly as possible.”

It is not clear if the hackers removed patient records from the system. Scripps says it does not know the remainder of the content of the remainder of documents it believes are involved, but is working with third-party experts to determine this information swiftly.

Health IT Homepage