Health and Wellness Informatics News

Scripps Health faces legal action after ransomware attack

Four lawsuits filed recently in federal and state court against Scripps Health after weeks-long network troubles.

Scripps Health’s name got registered under multiple class-action lawsuits filed both in federal and state court recently. All total, four cases got filed due to the ransomware attack, which took down its network in May. San Diego Union-Tribune’s report claims Scripps failed to maintain the privacy of its patients’ information. It even subjects patients to several potential consequences, along with medical fraud and identity theft.

One of the suits against Scripps reads its failure in taking appropriate steps to protect the PHI and PII of Plaintiff and Class Members from getting compromised. However, Scripps denied commenting on this suit and the ongoing condition of the litigation.

The CEO and president of Scripps said, “This is not hypothetical. Other attackers are already using what is being reported in the media to send scam communications to our organization.” Scripps began sending letters on June 1 to more than 147,000 of its customers, informing them about the possible risks regarding their personal information. However, as per the Union-Tribune, only 3,700 patients have their driver’s license numbers or Social Security compromised.

The suits vary in terms of alleged harm, where one plaintiff saying he was forced to “beg a nurse” for rendering his lab orders for him. Another report, on the other hand, states complain regarding the protection of his “very personal surgery” records. One lawsuit files that Scripps could possibly prevent this Data Breach through proper encryption and security.

Sophos, a British security company, in a recent survey, found the average bill of resolving a ransomware attack was $1.27 million. Sophos researchers write in their survey, “Responding to a critical cyberattack or incident can be incredibly stressful. While nothing can completely alleviate the stress of dealing with an attack, having an effective incident response plan in place is a surefire way to minimize the impact.”