Scripps Health patients both former and current have begun receiving ransomware attack settlement notifications in the mail.
The bi-fold cards with postage paid and a settlement administrator in Portland may prompt some to wonder if these notices, which offer “$100 in CASH and other benefits” are legit or just the latest sophisticated attempt of scammers looking to pilfer personal information.
Scripps confirmed the authenticity of the mailers in an official statement.
“We are pleased to have reached a settlement that Scripps believes is beneficial to those who may have been affected,” the Scripps statement said. “The parties have not yet received final approval from the court, but preliminary approval has been granted and the parties will complete mailing notification postcards within 30 days of the approval order to the settlement class members.”
An official website — www.ScrippsSettlement.com — has been set up to provide additional information on the process, and those with questions can also call a help line at (800) 708-8796.
Hackers forced a month-long shutdown and a return to paper records throughout the multi-hospital health system in April 2021, accessing data stores of patient records and forcing the provider to notify an estimated 144,000 patients that their personal information had been breached.
Scripps declined to say how much it will pay for the settlement in total, though it will come on top of the $113 million in lost revenue already listed in financial statements.
Anyone who wishes to receive settlement cash must file a claim form to enroll by March 23, 2023.
Those who received notification can also exclude themselves from the settlement class and must submit a formal objection by March 8 telling the court specifically why the proposed settlement does not suffice. Court records indicate that if more than 1,500 opt out, Scripps can walk away from the settlement agreement.
As indicated in a list of frequently asked questions, the base settlement per patient determined to have had their personal information potentially compromised will be at least $100, but amounts can be greater — up to $1,000 — for out-of-pocket expenses related to dealing with the breach such as bank fees, overdraft fees, late fees, cost of credit reports or even interest on payday loans.
A separate “extraordinary out-of-pocket losses reimbursement” category offers up to $7,500 if a person can prove “actual, documented and unreimbursed monetary loss arising out of or relating to identity theft,” that can be traced to the ransomware attack between April 29, 2021, and March 23, 2023.
All settlement participants will also receive 36 months of free identity theft protection without submitting a claim.