Scripps Health faces four class-action suits citing ransomware records breach

Class action proceedings have begun to pile up over the ransomware infringement that affected Scripps Health facilities and patients in May.

Two such proceedings were filed in federal court on Monday and have been added to the two cases already in state court books since early June.

Submitted on behalf of various Scripps patients, all referring to the same set of basic facts, Scripps began sending letters to more than 147,000 customers on June 1, personal information during the attack. Warns that may have leaked. The electronic system has been down for almost a month.

One of the two federal proceedings was filed on behalf of San Diego County residents Michael Rubenstein and Richard Machado, and the second involved local residents Kate Rasmuzzen.

The San Diego Superior Court records include a list of cases filed on June 1 and June 7 on behalf of residents and Scripps patients Kenneth Garcia and Johnny Corning.

Everything makes essentially the same basic claim: Scripps failed to meet its obligations to protect patient information, exposing patients to potential fallouts from personal information theft to medical fraud.

Scripps refused to discuss the proceedings because the proceedings are pending.

However, in San Diego County’s second-largest healthcare system, social security and driver’s license numbers are at risk only for a small number of people whose records are at risk (nearly 3,700). It states.

Other information allegedly downloaded from the Scripps server includes address, date of birth, health insurance information, medical record number, patient account number, and clinical information such as doctor’s name, work date, and treatment date. It is said that.

According to the company, much more detailed and potentially sensitive information (from digital x-ray images to doctor’s notes) of the Scripps electronic medical recording system has not been obtained.

After the ransomware attack, class action legal action became common.

Following news of an attack on Universal Health Services Inc. in late 2020, lawyers immediately filed a similar proceeding, shutting down a large provider of 400 hospitals nationwide for three weeks.

Jocelyn Larkin, executive director of the Impact Fund, a legal foundation at the University of California, Berkeley, which provides training, funding and representation in social justice proceedings, said in federal courts and states after a case that affected many. He said it was not uncommon for multiple proceedings to occur in court. Thousands.

The judge first tries to decide whether to certify the class, and basically decides if there is enough commonality among the affected people to be represented as a group.

“Federal and state courts have slightly different standards, but basically the courts have similar claims and the efficiency and impartiality associated with the proceedings as one proceeding rather than many proceedings. I’ll see if you can, “says Larkin.

She said the case could be consolidated and lawyers generally had to cooperate to some extent when trying to come up with a settlement with Scripps.

“In some cases, there can be duplication and people can be involved in multiple cases. It can be a bit annoying,” she said. “Scripps is trying to put together a settlement rather than having people sue over and over again.”

Position determination is the first part of the process. The judge must determine whether the person nominated in each proceeding has suffered enough damage to justify the proceeding and represent others affected as well.

The four cases submitted so far have different levels of peculiarity when harm is a concern.

Rubenstein’s allegations refer to his particular health condition, to the diagnosis of primary multiple anemia, also known as myelofibrosis, and require regular bone marrow biopsy. Unable to access his medical records in the Scripps Patient Data Portal due to a data breach and subsequent computer shutdown, the lawsuit caused Rubenstein to visit the Scripps Health Hematology Clinic and provide the nurse with his test orders. I was forced to ask. ” He said, “I couldn’t confirm if the timing of a particular dose was correct.”

Another patient named in the Rubenstein proceedings, Richard Machado, wrote in his inner records that he had “a very personal surgery” related to his status as a type 2 diabetic. I was worried about the fact that the records were included.

In the case of Rasmuzzen, Corning and Garcia, we focus on the costs associated with protecting personal data and the damage that fraudsters can incur if they obtain and use stolen information for fraudulent purposes. The resulting specific medical impact is reduced.

Larkin said the proceedings filed in state court could only include residents of California, but the level of evidence of specific harm required to obtain certification was not somewhat limited.

“In federal court, individual class members need to be able to show that they have been injured or suffer from an imminent risk of injury in connection with Scripps’ actions,” Larkin said. I will. “In California, the level of proof required to show that you were injured is different and somewhat less rigorous.”

The difference is clear in the case of Universal Health Services class proceedings.

At the first hearing in the UHS case, two of the three nominated patients were dismissed because the allegations of high risk of personal information theft were considered too speculative.

So Record The HIPAA Journal, a trade journal, allowed the proceedings to proceed with the allegations of a third patient who stated that delays due to seizures delayed surgery, forced him to take a leave of absence, and eventually lost his health insurance.

What is the value of those damages? Three of the proceedings are at least $ 1,000 per victim, indicating that punitive damages and actual damages may increase further. Given that Scripps has stated that it has notified approximately 147,000 that their records may be involved in the breach, it is possible to include anyone in the class who has been notified of the breach. If certified, that number could easily reach $ 150 million.
Staff writer Teri Figueroa contributed to this report.

Scripps Health faces four class-action suits citing ransomware records breach Source link Scripps Health faces four class-action suits citing ransomware records breach

Related Articles

Back to top button