Data breach lawsuit against New York health system sent back to state court: 5 notes 

A New York federal judge ruled on June 18 that a group of Episcopal Health Services patients suing the Uniondale, N.Y-based health system over a data security incident had grounds to continue the class-action lawsuit in state court, Bloomberg Law reports. 

Five notes: 

1. The group of patients filed a class-action lawsuit in New York state court on Sept. 11, 2019, claiming Episcopal Health Services failed to protect their financial, medical and other personal information from cyberattacks. 

2. As patients of St. John's Episcopal Hospital, the group alleged that one or more of the hospital's employees' email accounts were hacked between Aug. 28, 2018, and Oct. 5, 2018, exposing their information such as Social Security numbers and dates of birth to unauthorized access. 

3. On Nov. 4, 2019, Episcopal Health Services removed the case to federal court, claiming the patients' allegations fell under two federal laws, HIPAA and the Federal Trade Commission Act. The health system also moved to dismiss the complaint. 

4. The patients argued that their lawsuit alleged only state common-law claims for negligent hiring and training of employees, breach of fiduciary duty, breach of implied contract and delay in notifying affected individuals of the breach. 

5. The court ruled that while the patients' complaints referred to HIPAA and the FTCA, neither law allows people to sue for violations and the patients' claims thus do not fall under federal law. The court sent the case back to the state court and did not rule on the motion to dismiss.  

More articles on legal and regulatory issues: 
10 latest healthcare industry lawsuits
UPMC hacking suspect charged in theft of 65,000 employees' data
Nurses accuse Georgia hospital of manipulating COVID-19 test results

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Whitepapers

Featured Webinars