By Dan Hounsell

Ransomware attacks can cost healthcare systems in terms of the time and effort to prevent and respond to the event, but in the event of one recent attack, the costs are moving into other areas. 

Class-action lawsuits are piling up around the ransomware breach that impacted Scripps Health facilities and patients in May, according to the San Diego Union-Tribune. Two such cases were filed in federal court recently, joining two already on the books in state court from early June.

All the lawsuits reference the same set of basic facts, noting that Scripps began sending letters to more than 147,000 of its customers on June 1, warning them that their personal information may have been compromised during the attack that kept electronic systems down for nearly a month.

All make essentially the same basic claim: Scripps failed in its duty to protect patient information, subjecting patients to potential fallout from identity theft to medical fraud.

Scripps declined to discuss the suits because they are pending.

San Diego County’s second-largest health care system has said that only a small number of those whose records were at risk — nearly 3,700 — have had their Social Security and/or driver’s license numbers compromised.