Nonprofit Settles Class Action Lawsuit for $3.5 Million Over Ransomware Attack

Scripps Health in San Diego reached a $3.5 million proposed settlement to resolve a class action lawsuit stemming from a May 2021 ransomware attack and subsequent breach that impacted 2.1 million individuals.

On May 1, 2021, a threat actor gained access to Scripps’ network, deployed malware, and acquired copies of some documents on the network. The ransomware attack led to significant EHR downtime, along with appointment delays and disruptions.

In the class action complaint, plaintiffs alleged that Scripps Health failed to adequately secure and safeguard patients’ sensitive information. The plaintiffs alleged that Scripps Health “negligently created, maintained, preserved, stored, disclosed, and released” class members’ protected health information (PHI) and personally identifiable information (PII) on its network.

Read the source article at healthitsecurity.com