Three weeks after a cyberattack led to a network outage at Scripps Health, employees say some systems are coming back online.

According to reporting from ABC News, several Scripps Health workers said they'd regained access to "read-only" medical records from before May and payroll systems, along with some computers, emails and X-rays.  

Its Epic-powered patient portal, MyScripps, was still down as of Thursday.  

"While some features on our website are still being worked on and are not quite ready for use yet, most of scripps.org is back up and running," said the health system in an update on the Facebook page.   

Attempts to reach the organization by phone and email for comment were not successful.  

WHY IT MATTERS  

After detecting a security incident on May 1, Scripps suspended user access to its IT applications.   

The San Diego-based health system continues to keep mum about the specifics of the attack.  

In a statement posted to the website, Scripps said, "In response to the cyber security incident on May 1, our team immediately took steps to contain the malware by taking a significant portion of our network offline."  

"We also immediately engaged outside consultants and experts to assist us in our investigation and other experts to help us restore our systems and get back online as soon as possible," the organization added.

The breadth of potentially exposed personal information remains unclear, Scripps said.  

"The investigation into the scope of the incident, including whether data was potentially affected, remains ongoing," the statement said. 

"Depending on the investigation’s findings, we will be sure to provide notifications to affected individuals in accordance with all applicable laws," it continued.  

The statement reiterated that in-person care was still available, and that patients could and should confirm appointments via phone. It noted that the Scripps team had backup workflows and paper processes in place, and that care providers currently had "view-access" to patient history and records. Virtual visits were also still available.  

"Physician and staff leadership at each site are reviewing scheduled surgeries, infusions, imaging, lab and all other patient care services regularly. If certain services and appointments need to be rescheduled, we are reaching out to patients directly when possible," read the statement.

It advised that requests for medical records should be completed by mail.  

THE LARGER TREND  

Some cybersecurity experts speculated that the network outage was related to negotiations around ransomware.  

"It’s likely that it’s taking a long time because of negotiations going on with the perpetrators, and the prevailing narrative is that they have the contents of the electronic health records system that are being used for 'double extortion,'" said Michael Hamilton, former chief information security officer for the city of Seattle and CISO of healthcare cybersecurity firm CI Security, in an email to Healthcare IT News.  

If that's true, Scripps certainly wouldn't be alone: The healthcare industry saw a number of high-profile ransomware incidents in the last year, including a cyberattack on Universal Health Services that led to a lengthy network shutdown and a $67 million loss.  

More recently, customers of the electronic health record vendor Aprima also reported weeks of security-related outages.  

ON THE RECORD  

"Scripps has served this community for 100 years," said the health system in the website statement. "We will come through this. We are here for you, now. And we will be here for generations of patients to come. Thank you again for your patience and understanding during this challenging time."

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.