Cyberattack Disrupts Scripps Health Operations Across San Diego
Scripps Health, a major healthcare provider in San Diego, California, suffered a significant cyberattack on May 1, 2021, forcing the organization to take critical IT systems offline. The attack disrupted electronic health records (EHR), patient portals, and other digital services, leading to delays in care and the diversion of emergency patients to alternative facilities.
The incident, later confirmed as a ransomware attack, targeted Scripps’ network infrastructure, encrypting data and demanding payment for decryption. While the exact strain of ransomware remains undisclosed, cybersecurity experts suspect involvement from a known criminal group. Scripps responded by activating emergency protocols, including manual record-keeping, and by coordinating with law enforcement, including the FBI.
The attack’s impact extended beyond IT disruptions, with outpatient appointments canceled or rescheduled and some elective procedures postponed. Scripps’ four hospitals and 24 outpatient facilities across San Diego County were affected, though emergency services remained operational. The organization restored systems gradually over several weeks, with full recovery taking nearly a month.
Investigations revealed that the attackers may have gained access by exploiting vulnerabilities in third-party software or through phishing. Scripps later confirmed that patient data, including medical records and personal information, was compromised, though the extent of the breach remains under review. The incident underscores the growing threat of ransomware against healthcare providers, particularly during the COVID-19 pandemic, when reliance on digital systems was at an all-time high.
As of the latest updates, no ransom payment has been publicly confirmed, and Scripps has since implemented enhanced security measures to prevent future attacks. The case remains under federal investigation.
Scripps Health cybersecurity rating report: https://www.rankiteo.com/company/scripps-health
{
  "id": "SCR1776486361",
  "linkid": "scripps-health",
  "type": "Ransomware",
  "date": "4/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'healthcare',
                        'location': 'San Diego, California',
                        'name': 'Scripps Health',
                        'type': 'healthcare provider'}],
 'attack_vector': ['phishing', 'third-party software vulnerability'],
 'data_breach': {'data_encryption': 'yes',
                 'personally_identifiable_information': 'yes',
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': 'patient data, medical records, '
                                             'personal information'},
 'date_detected': '2021-05-01',
 'date_publicly_disclosed': '2021-05-01',
 'description': 'Scripps Health, a major healthcare provider in San Diego, '
                'California, suffered a significant cyberattack on May 1, '
                '2021, forcing the organization to take critical IT systems '
                'offline. The attack disrupted electronic health records '
                '(EHR), patient portals, and other digital services, leading '
                'to delays in care and the diversion of emergency patients to '
                'alternative facilities. The incident was later confirmed as a '
                'ransomware attack, targeting Scripps’ network infrastructure, '
                'encrypting data, and demanding payment for decryption.',
 'impact': {'data_compromised': 'patient data, including medical records and '
                                'personal information',
            'downtime': 'nearly a month',
            'identity_theft_risk': 'high',
            'operational_impact': 'delays in care, diversion of emergency '
                                  'patients, canceled or rescheduled '
                                  'outpatient appointments, postponed elective '
                                  'procedures',
            'systems_affected': ['electronic health records (EHR)',
                                 'patient portals',
                                 'digital services']},
 'investigation_status': 'under federal investigation',
 'lessons_learned': 'The incident underscores the growing threat of ransomware '
                    'against healthcare providers, particularly during the '
                    'COVID-19 pandemic when reliance on digital systems was at '
                    'an all-time high.',
 'motivation': 'financial gain',
 'post_incident_analysis': {'corrective_actions': 'enhanced security measures',
                            'root_causes': 'exploited vulnerabilities in '
                                           'third-party software or phishing '
                                           'tactics'},
 'ransomware': {'data_encryption': 'yes', 'ransom_demanded': 'yes'},
 'recommendations': 'Implement enhanced security measures to prevent future '
                    'attacks.',
 'references': [{'source': 'Cyber incident description'}],
 'response': {'containment_measures': 'took critical IT systems offline, '
                                      'manual record-keeping',
              'enhanced_monitoring': 'yes',
              'incident_response_plan_activated': 'yes',
              'law_enforcement_notified': 'FBI',
              'recovery_measures': 'full recovery took nearly a month',
              'remediation_measures': 'gradual system restoration, enhanced '
                                      'security measures'},
 'title': 'Cyberattack Disrupts Scripps Health Operations Across San Diego',
 'type': 'ransomware'}