Scripps Health has been cited in the lawsuit for its alleged “lack of security and proper safeguarding” of patients’ personal identity information during a April 29 malware attack on the San Diego-based health system, according to documents filed in the U.S. District Court for the Southern District of California. To counter the attack, the San Diego-based system has taken a portion of its network offline, disrupting access to e-mail servers, the patient portal and other applications. Some systems have been down for almost a month. Here are five things to know about legal action:
- The lawsuit alleges to someone that their personal identity information such as name, birthday, social security number or driver’s license number has been compromised or that their personal health information such as insurance information has been compromised. health record, medical record number, patient account number or clinical information have been disclosed, depending on the filings.
- The plaintiff’s legal team, Scott Cole & Associates, said the data “could be sold on the dark web,” opening 150,000 patients affected by the attack to “a lifetime risk of identity theft, which it is exacerbated here by the loss of Social Security numbers. ” Scott Cole, the lead attorney for the case, in a statement said that the fact that medical records have been accessed “makes this situation unique. Despite hundreds of data breaches each year in this country, most do not involve the information of highly sensitive patients as it is. was obtained here. “
- Scripps Health said earlier it learned of the cybersecurity incident on May 1 and began notifying affected patients about data breaches later that month and in early June. In a letter to patients on May 24, Scripps CEO and President Chris Van Gorder acknowledged patients ’frustrations that the health care system was not communicating enough. But he said they weren’t so transparent because sharing more details put Scripps at an increased risk of more attacks.
- The system said social security numbers and driver’s license numbers were compromised for less than 2.5% of patients, all of whom were offered comprehensive credit monitoring and identity protection services. .
- The lawsuit calls on Scripps Health to be employed to implement stronger security protocols to prevent future attacks and to provide patients affected with monetary harm.
Scripps Health did not immediately respond to a request for comment.