A pair of lawsuits have been filed on behalf of former and current Scripps Health patients who allege their personal information may have been compromised during the recent ransomware attack on the San Diego-based health care system.
The complaints filed Monday in San Diego federal court allege Scripps did not properly safeguard its patients’ personal information stolen in last month’s cyberattack, even though Scripps should have been “on notice” about the potential risk due to similar incidents occurring in the health care industry.
Scripps said earlier this month that it was notifying more than 147,000 people that their personal information was affected, though the health care system said there has been no indication that any data was used to commit fraud.
Despite that, the plaintiffs allege they “are at imminent and impending risk of identity theft” that “will continue for the rest of their lives.”
A spokesman for Scripps Health declined to respond to NBC 7 on Tuesday regarding the suits. Scripps has said in the past that it would be providing complimentary credit monitoring and identity protection support services “for the less than 2.5% of individuals whose Social Security number and/or driver’s license number were involved.”
One of the complaints alleges that the service “does not and will not fully protect the patients from cyber criminals and is largely ineffective against protecting data after it has been stolen” and states cyber criminals will hold onto the stolen data until “long after victims concerns and preventative steps have diminished.”
The plaintiffs seek unspecified damages and for Scripps to implement a number of preventive measures to bolster its cybersecurity.
Scripps Health’s CEO Chris Van Gorder confirmed on Mahy 24 that the attack on its computer systems involved ransomware and that a federal investigation was under way.
The health-care system’s information systems came under attack on May 1, prompting the rescheduling of some services. In late May, most of its technology systems came back online.
Scripps Health did not say whom the cyber crooks were, nor did he specify how much the ransom was being sought.