A pair of lawsuits have been filed on behalf of former and current Scripps Health patients who allege their personal information may have been compromised during the recent ransomware attack on the San Diego-based health care system.
The complaints filed Monday in San Diego federal court allege Scripps did not properly safeguard its patients’ personal information stolen in last month’s cyberattack, even though Scripps should have been “on notice” of the potential risk due to similar incidents occurring in the health care industry.
Scripps said earlier this month that it was notifying more than 147,000 people that their personal information was affected, though the health care system said there has been no indication that any data was used to commit fraud.
Despite that, the plaintiffs allege they “are at imminent and impending risk of identity theft” that “will continue for the rest of their lives.”
Scripps, which did not respond to requests for comment on the lawsuits, previously stated it would be providing complimentary credit monitoring and identity protection support services “for the less than 2.5% of individuals whose Social Security number and/or driver’s license number were involved.”
One of the complaints alleges that the service “does not and will not fully protect the patients from cyber criminals and is largely ineffective against protecting data after it has been stolen” and states cyber criminals will hold onto the stolen data until “long after victims concerns and preventative steps have diminished.”
The plaintiffs seek unspecified damages and for Scripps to implement a number of preventive measures to bolster its cybersecurity.
–City News Service