San Diego-based Scripps Health has agreed to pay $3.57 million to settle a lawsuit from victims of a May 2021 ransomware attack that led to a massive data breach, CBS8 reported Dec. 27.
The breach affected 1.2 million patients. As part of the settlement, Scripps agreed to pay a minimum of $100 for each patient and up to $7,500 to each plaintiff who had their identities stolen or who qualified for "extraordinary out-of-pocket expenses."
The health system is providing credit monitoring and identity theft services to victims of the data breach.
"Since the incident, Scripps has notified impacted parties, conducted a full investigation, and implemented a variety of additional safeguards to help reduce the likelihood of a similar incident occurring again," a Scripps spokesperson told CBS8. "As a reminder, there was no unauthorized access to MyScripps patient portal or Scripps's electronic medical records application."