A Massachusetts Superior Court judge has ruled in favor of a plaintiff seeking to sue Boston Medical Center for money damages in relation to an alleged data breach, according to a Mintz Levin blog post.
In 2014, Boston Medical Center reported 15,000 patients' data was posted without password protection on a transcription vendor's website. The medical center fired the vendor following discovery of the breach.
In Walker et al v. Boston Medical Center Corp. the plaintiffs alleged the hospital notified them of the breach, but there was no reason to suspect the personal health information had been misused. The plaintiffs seek monetary damaged based on the fact of exposure alone, according to the Mintz Levin report. Boston Medical Center moved to dismiss the case, but was unsuccessful.
The court's ruling is significant because it represents a more relaxed approach to "real risk of harm" data breach standards. "Walker represents a comparatively lax approach to standing, in which alleging the mere exposure of information with the potential for access and misuse by unauthorized persons pleads sufficient injury to establish standing and survive a motion to dismiss," according to the Mintz Levin post.