Following a ransomware attack that disrupted its IT systems for almost a month, Scripps Health is now dealing with four class-action lawsuits from patients for apparently failing to protect their individual health information.
In early May, the San Diego-based health system experienced a cybersecurity incident, which it later on confirmed was a ransomware attack. In response, the health system took several of its systems offline and obstructed user access to certain IT applications, including its website and the MyScripps client portal.
Scripps Health later on alerted an approximated 147,267 patients that their data was taken by hackers in the attack, Modern Healthcare reported. The taken data consisted of both health and financial information.
The 4 class-action lawsuits, submitted over the course of the month, claim that Scripps Health did not adequately safeguard their details. The health system decreased to comment as it is “continuous litigation,” stated Janice Collins, Scripps senior director of public relations, social media, content marketing, in an email.
The very first match particularly declares that the health system “negligently produced, maintained, maintained, and kept Plaintiffs and the Class members confidential, specific [ly] recognizable medical details in a non-encrypted form.”
The exposure of the information has actually led to injury to the clients, another claim states. This consists of the lost or lessened value of their personal health info, out-of-pocket expenses associated with the prevention, detection and recovery from identity theft, tax scams and/or unauthorized use of the details, and lost opportunity expenses, including however not restricted to wasted time.
Even more, the exposed personal health info of the complainants might be offered on the dark web, which opens them approximately a “lifetime risk of identity theft,” according to one of the suits.
The health system has done very little to secure plaintiffs and the class members, offering only 12 months of identity theft and credit monitoring defense to a select couple of victims, alleges another one of the fits.
” In effect, Defendant is shirking its responsibility for the damage and increased threat of harm it has triggered Plaintiff and members of the Class, including the distress and monetary problems the Data Breach has actually placed upon the shoulders of the … victims,” it mentions.
In 3 of the claims, complainants desire the court to award $1,000 per violation to the plaintiffs separately and to each member of the class. This could lead to the health system paying out about $150 million if all those who received data breach notifications are included in the class.
The fourth suit asks that the court require Scripps Health to engage independent third-party security auditors and internal personnel to run automatic security monitoring and to sector data by developing firewall programs and access controls, among other actions.
Complainants in all four matches are requiring a jury trial.
Image: anyaberkut, Getty Images
.