Scripps Health settles with victims of ransomware attack for $3.5 million

by John R. Fischer, Senior Reporter | January 03, 2023

Business Affairs Cyber Security Emergency Medicine Health IT PACS / Enterprise Imaging

Scripps Health will pay the victims of a ransomware attack $3.5 million in a settlement. (Photo courtesy of Scripps Health)

In a settlement with nearly 1.2 million patients, Scripps Health has agreed to pay over $3.5 million for a massive data breach that placed them at risk of identity theft.

The ransomware attacks occurred in late April and early May 2021 and left the healthcare system relying on offline charts and documentation after suspending online operations for nearly a month, including patient portals, email servers and other applications.

While there was no unauthorized access to Scripps’ MyScripps (MyChart) patient portal or its EMR system, the attackers obtained patient health information and personal financial data.

Patients banded together in numerous lawsuits against the San Diego healthcare providers. Scripps will pay $3.57 million in “minimum cash settlements” of $100 for each plaintiff, according to CBS 8 News.

It will also pay up to $7,500 to those who suffered identity theft and who qualified for “extraordinary out-of-pocket expenses.” It will additionally provide credit monitoring and identity theft protection to all patients who joined the lawsuit.

"We are pleased to have reached a settlement that Scripps believes is beneficial to those who may have been affected … If final approval of the settlement is granted, Scripps will compensate settlement class members for the benefits they are entitled to receive and validly claimed under the settlement, including eligible monetary losses,” a Scripps spokesperson told CBS 8 News.

The settlement still requires final approval. Preliminary approval has been granted, and parties can complete mailing notification postcards within 30 days of the approval order to settlement class members.

Along with mid-year revenue losses, incremental expenses for responding to the attack cost the provider a nearly $113 million loss in just months.

The hacking also led to overcrowding in two nearby EDs at the University of California as Scripps scrambled to transfer patients.

Those who feel they were affected by the breach can still file a claim by March 23, 2023. Settlement class members can go to www.ScrippsSettlement.com or call the settlement administrator's helpline at 800-708-8796 to ask questions or file a claim.

Back to HCB News



You Must Be Logged In To Post A Comment Sign In If you've already created an account, use your email address and password to sign in using the form below. Login Problems: Click here if you are having login issues. Email address: Password: Forgot your password? Login Problems? View our Legal Notice and Privacy Notice Register Registration is Free and Easy. Enjoy the benefits of The World's Leading New & Used Medical Equipment Marketplace. Register Now!