Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Scripps failed to properly secure and safeguard patients’ personal identifiable information during an invasive and preventable ransomware attack, a new class action lawsuit alleges.
The nationwide Scripps class action lawsuit was filed in California on July 7 by lead Plaintiff David J. Rubin, who alleges the company violated state and federal law by breaching its duty and agreement to safeguard and protect the personal identifying information of its patients from unauthorized persons.
Rubin alleges that Scripps failed to adequately and sufficiently prevent an April 29, 2021, breach on its systems that compromised the personal sensitive information of all its members.
According to the Scripps class action lawsuit, unauthorized actors used malware to infiltrate Scripps’ servers, which housed members’ names, addresses, dates of birth, health insurance information, medical record numbers, patients account numbers, clinical and treatment information, as well as social security numbers and drivers’ license numbers.
Rubin says that Scripps failed to warn patients of its inadequate security system and practices, failed to implement effective and adequate protections, and failed to timely detect and notify patients of the breach – all of which it was required to do by federal and state law.
“As a direct result of Defendant’s misconduct, Plaintiff suffered injury, including the now ever-present and immediate threat of identity theft, fraud and random demands. This imminent and concrete threat requires Plaintiff’s constant surveillance, now and for years to come, to prevent and detect misuse of his personal identifying information,” the claim reads.
According to the Scripps class action lawsuit, the company noticed unusual activity in its network on May 1 and suspended its systems, including MyScripps, Scripps.com, and EPIC, and used a forensic computer firm to investigate the breach.
The investigation found malware in the system since April 29 and copies of documents on Scripps systems had been acquired, including patients personal and financial information, including driver’s license and social security numbers.
The claim says that it took Scripps almost one month to get the systems back online, during which time patients could not access their medical information, schedule appointments or contact their physicians through the systems.
Scripps didn’t issue a statement until June 1 and despite the statement patients remain unaware of the full impact of the breach, including what information was taken and the steps Scripps is taking to fix it, the claim alleges. Rubin says that the information was gathered to be sold on the dark web for to be used as a ransom for money.
Rubin wants to represent a nationwide Class of Scripps patients. He is suing for breach of contract, negligence, invasion of privacy, and violations of California Unfair Competition Law, and seeks certification of the Class, damages, legal fees and costs, interest, injunctive relief.
This is not the first time Scripps has been the target of a class action lawsuit over its data breach this year. The healthcare company had been issued four other class actions already as of last month.Â
Were you affected by the Scripps data breach? Let us know your experience in the comments section!
Rubin is represented by Roy A. Katriel, Esq.
The Scripps Data Breach Class Action Lawsuit is Rubin v. Scripps Health, Case No. 3:21-cv-01231-BTM-MSB in U.S. District Court Southern District of California.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
8 thoughts onScripps Health Failed to Secure the Personal Data of 147,000 Patients, Class Action Lawsuit Alleges
Add me to the Class Action Lawsuit. I received a letter for Scripps indicating my confidential and secure medical information was breached. Isn’t that a violation of HIPPA rules?
Please add me, my appointment got cancelled and I wasn’t able to reschedule until months later
Please add me.
Add me please
Please add me
Add me please
Add me please
yes all family has due to us using their services where does one sign up?