In-Depth: Cyberattackers often 'beyond the reach' of US authorities

Posted at 4:53 PM, May 12, 2021
and last updated 2021-05-12 21:16:04-04

SAN DIEGO (KGTV) - It's been almost two weeks since one of San Diego's biggest hospital networks was hit by a cyberattack that disrupted operations, but as of Wednesday, there's still no word about who hacked Scripps Health.

"Often these bad guys are beyond the reach of U.S. law enforcement," said John Riggi, a former FBI agent and senior risk advisor at the American Hospital Association.

Riggi says the vast majority of those responsible for cyberattacks and ransomware attacks come from overseas.

"Over 99%, I would say, are located overseas in non-cooperative foreign jurisdictions such as Russia, China, Iran, and North Korea," he said.

Such may be the case with the Colonial Pipeline attack. The FBI confirmed this week that it was carried out by a group known as DarkSide, believed to be based out of Eastern Europe.


"Generally, they’re operating from some type of safe haven. As long as they don’t attack their host adversarial nation, often they're allowed to operate with impunity and sometimes with encouragement," said Riggi.

Scripps Health has acknowledged that an investigation is still underway into the malware attack that targeted its information systems.

Part of a statement this week from the hospital’s CEO reads, "We are committed to continuing to evolve and enhance our security measures and look to our government to help private enterprises combat this significant threat to health care."

There is no mention of who may be behind the attack.

Scripps Health continues to report that a team is working nonstop to get back online. It's unknown when that might happen, but the hospital reports that its urgent cares, emergency departments, and Healthexpress locations remain in operation.