SAN DIEGO — Patients and employees sent anonymous emails and messages to CBS 8 expressing frustration over Scripps Health's lack of information regarding a cyber attack that occurred May 1.
Cyberattacks are up, in fact security experts said 66% of health care companies cannot meet the minimum security standard defined by the National Institute of Standards and Technology.
"The problem is we have an industry with a rapidly growing technical debt," said Caleb Barlow, CEO, Cynergistek. "It’s not that they aren’t investing in security, they are, they just aren’t investing fast enough to keep up with an ever moving adversary."
Barlow's company, Cynergistek, works with healthcare systems before and after a cyber-attack happens. An HHS report on healthcare security listed the vulnerabilities in hospitals. They named networks without tight controls, how records are disposed of, the use of personal devices and working from home.
“Too often you don’t see multi factor authentication in place. Many of us are familiar with that where you log in with a password, but you also have to get a challenger response on your phone," said Barlow.
That extra step can keep cyber criminals out of the network. Scripps Health is saying very little about its security measures and only issued a written statement saying the network outage was caused by malware. But they haven’t said how that happened.
CBS 8 has learned that the cyber attack took all Scripps hospitals out of the emergency medical response system on May 2 when a boat capsized off Point Loma.
Scripps Memorial Hospital in La Jolla was the closest trauma center to the incident, yet patients were sent to other area hospitals.
It’s the kind of disruption cyber criminals want.
“It’s always unsettling, when you hear your security has been breached, because you don’t know what information they might use it," said Lisa Kendall, patient.
Kendall’s daughter’s appointment was cancelled and like so many others, she’s forced to reschedule it. But the lack of information from Scripps Health is leaving many with questions.
“I don’t know what to do about it, other than just make sure I’m following my credit monitoring apps and make sure no one is trying to get our information, but I feel helpless" said Kendall.
WATCH: Scripps Health hack forcing appointments to be canceled and more