In May, 2021, Scripps disclosed a cyberattack that was subsequently identified as a ransomware incident that impacted 147,267 patients. Last month, a potential class action lawsuit was thrown out of federal court because the preponderance of Californnia residents meant it should be in state court, not federal.
This week, Scripps has issued an update to its breach disclosure. That update indicates that Scripps has been mailing notifications to additional individuals who were identified by continuing review after the initial review.
For certain patients, this information included one or more of the following for impacted patients: name, address, date of birth, Social Security number and/or driver’s license number, health insurance information, medical record number, patient account number, financial account information, and/or clinical information, such as diagnosis or treatment information. Importantly, this incident did not result in unauthorized access to Scripps’ electronic medical record application, or MyScripps (MyChart).
While there is no indication that this data has been used to commit fraud, we are providing individuals whose Social Security number and/or driver’s license number were found in documents involved in the incident with complimentary credit monitoring and identity protection support services. We also recommend that affected individuals review any statements they receive from their health care providers or health insurers. If you see any medical services that you did not receive, please call the provider or insurer immediately.
Read more of their update at https://www.scripps.org/cyber-incident.