fbpx

Scripps Health Data Breach and Delayed Notice Class Action

Scripps Health provides healthcare services to thousands of patients. It therefore collects and maintains in its systems large amounts of personal and health information. The complaint for this class action alleges that Scripps did not take adequate measures to its systems, and that its failures led to a data breach compromising the information of more than 147,000 people sometime between April and June 2021.

The Nationwide Class for this action is all persons who submitted their private information to Scripps or Scripps’s affiliates and whose private information was compromised because of the data breach discovered in or around April 2021. A California Subclass has also been defined for residents of California.

In either April or May 2021, Scripps became aware of “unusual network activity” in its systems. Information exposed included names, addresses, dates of birth, health insurance information, physicians’ names, and clinical and treatment information.

Scripps did not give victims immediate notice of the intrusion, but the complaint claims that “many patients were notified of the breach through disruption in healthcare services.”

The plaintiff in this case, Madelyn Rosen, has received care from providers in Scripps’s network. The complaint claims that Rosen was one of those who found out about the data breach when she could not get a report from a radiology department: “Rosen called multiple times, and was unable to reach anybody [Scripps] could only share an image, with no report. Rosen estimates both [she] and her doctor lost about 24 hours attempting to receive her health report from [Scripps] while [Scripps] was responding to the Security Breach.”

Around May 10, Scripps said that it had discovered that more patients had been affected and more information exposed than it previously thought.

Notices to the California State Attorney General’s office and to patients seem to have been issued in June. The notice to patients advised patients to review their healthcare statements for any services that they had not received. The complaint quotes Scripps as saying, “To help prevent something like this from happening again, we are continuing to implement enhancements to our information security, systems, and monitoring capabilities.”

However, according to the complaint, Scripps has yet to notify individual patients of which specific kinds of data were stolen.

The complaint alleges that Scripps “failed to implement data security measures designed to prevent this attack, despite repeated public warnings to the healthcare industry about the risk of cyberattacks and the highly publicized occurrence of many similar attacks in the recent past on other healthcare providers.” It also claims that Scripps’s “failure to provide immediate formal notice of the Breach to [Rosen] and Class members exacerbated the injuries resulting from the breach.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Scripps Health Data Breach and Delayed Notice Complaint

July 28, 2021

Scripps Health provides healthcare services to thousands of patients. It therefore collects and maintains in its systems large amounts of personal and health information. The complaint for this class action alleges that Scripps did not take adequate measures to its systems, and that its failures led to a data breach compromising the information of more than 147,000 people sometime between April and June 2021.

Scripps Health Data Breach and Delayed Notice Complaint

Case Event History

Scripps Health Data Breach and Delayed Notice Complaint

July 28, 2021

Scripps Health provides healthcare services to thousands of patients. It therefore collects and maintains in its systems large amounts of personal and health information. The complaint for this class action alleges that Scripps did not take adequate measures to its systems, and that its failures led to a data breach compromising the information of more than 147,000 people sometime between April and June 2021.

Scripps Health Data Breach and Delayed Notice Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy