To that end, plaintiffs alleging a grievous data breach by Boston Medical Center (BMC) will see their data breach class action move forward after a Massachusetts Superior Court judge last month denied a petition by BMC to have the case dismissed.
The class-action data breach lawsuit is Walker and O’Rourke v. Boston Medical Center Corp, Case No. 2015-1733-BLS-1, Massachusetts Superior Court Business Litigation Session. Defendants are Boston Medical Center Corp., MDF Transcriptions and MDF owner Richard J. Fagan.
According to court documents, plaintiffs were notified by BMC about the breach. It was reported that sensitive medical records had been “inadvertently made accessible to the public through an independent medical record transcription service.” BMC, it has been reported, also noted in its communication to plaintiffs that BMC had “no reason to believe that [the release] led to misuse of any patient information.”
Be that as it may, plaintiffs weren’t happy with that position and alleged in the data breach lawsuit no fewer than seven violations. Among those alleged violations were claims for invasion of privacy, breach of confidentiality and breach of fiduciary duty.
The data breach lawsuit reflects a fear that is a common refrain whenever documents archived or maintained online are breached for any reason, and in any fashion: to wit, once data gets online, it remains online. Various breaches of data suffered by retail establishments, the health care industry and even the federal government have all occurred amidst claims that firewalls and encryptions have been more than sufficient.
READ MORE DATA BREACH LEGAL NEWS
It has been reported that BMC moved to have the data breach lawsuit dismissed on grounds that, in the defendant’s view, no injuries had occurred and no misuse by unauthorized individuals had been found.
In deference to the position taken by the defendant(s), Judge Edward Leibensperger held that plaintiffs had indeed sufficient reason - and had presented enough factual data - to infer that personal information had been potentially accessed during the breach.
Further, the judge held that the communication itself to plaintiff(s) by BMC informing of the data breach was, in itself, sufficient cause to file a statement of claim.
Thus the data breach lawsuit will go ahead.