Scripps Health is being accused of failing to properly secure and protect patients' health information stored within the San Diego-based system's network, which a malware attack compromised April 29, according to court documents.
Seven things to know:
1. Scripps began notifying more than 147,000 individuals in early June that their protected health information was exposed during the malware attack.
2. For certain patients, exposed information included names, addresses, birthdates, health insurance data, medical record numbers, patient account numbers and treatment details. Less than 2.5 percent of individuals' Social Security numbers and/or driver's license numbers were involved, according to the health system.
3. The exposed data "can be sold on the dark web," the lawsuit states, adding that "[h]ackers can access and then offer for sale the unencrypted, unredacted [data] to criminals." As a result, the class members "face a lifetime risk of identity theft," according to the suit.
4. The class action is on behalf of all individuals whose personally identifiable information and protected health information were compromised because of Scripps' alleged failure to protect the data and effectively secure hardware that stored the information, according to the lawsuit. The plaintiffs allege that Scripps' conduct was negligent and in violation of federal and state statutes.
5. The plaintiffs are seeking monetary damages and also ask that Scripps be required to implement and maintain effective security protocols going forward.
6. Scripps CEO Chris Van Gorder penned an op-ed in The San Diego Union-Tribune on June 11 detailing the cyberattack's events and calling for greater collaboration between the government and hospitals to thwart attacks.
"Just as protecting the public’s health during a once-in-a-century pandemic takes a village, so will protecting our hospital systems, critical infrastructure, schools, businesses and government entities from criminals who exist in the shadows," he wrote.
7. Scripps declined Becker's Hospital Review's request for comment citing its policy against commenting on pending litigation.