Scripps Health Reaches $3.5M Settlement After Ransomware Attack
Scripps Health recently settled a class action lawsuit stemming from a 2021 ransomware attack that impacted 1.2 million individuals.
Source: Getty Images
By Jill McKeon
- Scripps Health in San Diego reached a $3.5 million proposed settlement to resolve a class action lawsuit stemming from a May 2021 ransomware attack and subsequent breach that impacted 2.1 million individuals.
On May 1, 2021, a threat actor gained access to Scripps’ network, deployed malware, and acquired copies of some documents on the network. The ransomware attack led to significant EHR downtime, along with appointment delays and disruptions.
In the class action complaint, plaintiffs alleged that Scripps Health failed to adequately secure and safeguard patients’ sensitive information. The plaintiffs alleged that Scripps Health “negligently created, maintained, preserved, stored, disclosed, and released” class members’ protected health information (PHI) and personally identifiable information (PII) on its network.
“Defendant [Scripps Health] disregarded the rights of Plaintiffs and the Class by negligently failing to take and implement adequate and reasonable measures to ensure that Plaintiffs’ and the Class’ PII and/or PHI was safeguarded, failing to take available steps to prevent an unauthorized disclosure of data, and failing to follow applicable, required and appropriate protocols, policies and procedures regarding the encryption of data, even for internal use,” the complaint stated.
Specifically, the plaintiffs alleged that Scripps Health violated the Confidentiality of Medical Information Act and violated the right to privacy, among other violations.
Scripps Health denied any wrongdoing but agreed to a $3.5 million settlement to resolve the allegations. If approved by a judge, all class members may receive at least $100. Class members who suffered ordinary out-of-pocket losses related to the attack may be eligible to receive up to $1,000, and those who suffered extraordinary out-of-pocket losses may be reimbursed up to $7,500.
All settlement class members will also be eligible to receive 36 months of free identity theft protection services.
