Scripps Health, a San Diego, California-based health care provider, has been hit by a ransomware attack that took its systems taken offline.

The ransomware attack was detected on May 1 and affected computer systems inside at least two hospitals as well as taking its website and related services offline. The exact details of the form of ransomware attack have not been disclosed but its services remain offline.

According to the San Diego Union-Tribune, the attack also took medical records down, forcing medical personnel to use paper records. Also telemetry, the electronic monitoring of patient vital signs within hospitals, is also said to be down at most sites.

The ransomware attack resulted in trauma patients being turned away from Scripps Mercy Hospital San Diego in Hillcrest and Scripps Memorial Hospital La Jolla.

Scripps Health said on its Twitter account only that it had experience an “information technology security incident.” Scripps also said in an additional tweet that while its information technology applications were offline, “patient care continues to be delivered safely and effectively at our facilities, utilizing established back-up processes, including offline documentation methods.”

The ransomware attack on Scripps Health is not the first ransomware attack that has targeted a health care provider.

“Hackers are targeting soft targets knowing that they are easy to attack and they are financially rewarding,” Purandar Das, chief executive officer and co-founder at data security platform provider Sotero Inc., told SiliconANGLE. “This also plays into current situations where medical information is more valuable than other categories of stolen information.”

Das also said the incident highlights a weakness in current deployments of legacy technology platforms. “Criminals are targeting organizations that have been slow to adopt a more robust and resilient architecture,” Das said. “Organizations have to move towards protecting data, via new encryption technologies, that keep them secure while enabling privileged access. Secondly, organizations have to move toward a resilient deployment architecture that enables them to bring up a failover system without risking long-term outages.”

Photo: Scripps Health/Flickr