CALL 916-777-7777
Youtube Facebook-f X-twitter Linkedin-in

Scripps Health Reports Data Breach

Posted on behalf of Arnold Law Firm in
NOTICE: If you are a Scripps Health employee, physician or provider and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation.
breach digital locksLate on May 1, 2021, Scripps Health (“Scripps”) detected an apparent ransomware attack on their computer network that significantly disrupted patient care. Scripps immediately began to investigate the situation by isolating potential devices and turning off select systems. On May 10, 2021, it was concluded that patient information was taken. On May 15, 2021, Scripps sent out an e-mail to their “Valued Scripps Patient[s]” addressing the “cybersecurity incident on May 1 that resulted in disruption to our IT systems at our hospitals and facilities.” On May 24, 2021, Scripps sent out a second e-mail to their “Valued Scripps Patient[s]” with an update to the cyber incident. Finally, one month after the attack took place, on June 1, 2021, Scripps Health reported to the California Attorney General’s office that on April 29, 2021 an unauthorized person gained access to Scripps’ network, deployed malware and acquired patient information.

WHAT INFORMATION WAS INVOLVED?

On June 1, 2021, Scripps began to send two types of notices to individuals notifying them of the Data Breach. Together, the letters include the following information:
  • First and Last names
  • Addresses
  • Dates of Birth
  • Social Security numbers
  • Driver’s License Numbers
  • Health Insurance Information
  • Medical Record Numbers
  • Patient Account Numbers
  • Clinical Information including; physician names, dates of service, treatment information
The San Diego-based healthcare provider was forced to stop patient access to its online portal, postpone upcoming appointments, and divert trauma patients to other hospitals. Access to electronic medical records and other resources such as medical imaging and telemetry was also affected. Hospitals are considered “soft” targets for ransomware attacks, and medical information is more valuable than other types of stolen personal information. Hackers view hospital systems as relatively easy to breach and healthcare providers are highly motivated to pay a quick ransom. Healthcare systems also tend to be highly connected, so if a breach impacts one part of the system, it has the potential to impact the whole system. According to Scripps, they are still assessing the extent of the attack and will be providing affected individuals with a data breach letter. At this time, it is unclear how many letters are expected to go out. Scripps is a $2.9 billion private, not-for-profit integrated health system in San Diego with over 16,000 employees. The healthcare provider treats more than 700,000 patients annually with 5 acute-care hospitals, home health services, 30 outpatient centers, 14 walk-in clinics, 4 emergency rooms, 3 urgent care centers and hundreds of physician offices.

NOTICE: If you are a Scripps Health employee, physician or provider and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation.

Settlement - $3,767,000

Truck Accident

A 20-year-old man who had been married for just 12 days left home on his way to work. He was driving on Pleasant Grove Road in Sutter County in the early morning when he came upon a slow-moving truck. As he pulled out to pass the truck, the truck driver turned left in front of him. The young man attempted to steer back into his lane but his vehicle struck an un-flagged piece of metal extending from the back of the truck. He died in the resulting crash.

Expert witnesses brought in by the Arnold Law Firm proved that the truck, owned and operated by a hauling firm, should never have been on the highway that morning. Specifically, the rear and side turn signals did not work and the rear-view mirror was in a poor state of adjustment at the time of the collision. As a result, the driver, who had failed to properly inspect the vehicle before setting out that morning, couldn’t see the young man’s vehicle as it attempted to pass.

The poor condition of the truck, its lack of maintenance and the manner in which it was operated were found to be substantial factors in causing the collision that killed the young man. The testimony also established that the man had been making a lawful pass at the lawful speed limit and acted reasonably when he attempted to avoid the collision.

The man’s 20-year-old widow was awarded $3,767,000.77, his parents were awarded $185,131 and the family was reimbursed $11,899 in funeral expenses. Though money is a poor substitute for a young man’s life, this verdict demonstrates that drivers who endanger the lives of others will be held accountable for their actions.