Plaintiffs Allege Data Breach by Boston Medical Center, Lawsuit to Go Ahead

Boston, MAOf all the potential data breaches that could lead to headache, heartbreak, identity theft and a data breach lawsuit, perhaps the most damning and potentially embarrassing breach is the unlawful access of medical records. With more hospitals and health care facilities archiving and making medical records available electronically, the risks for those records falling into the wrong hands increases exponentially with increased availability of data and heightened sophistication on the part of criminals.

To that end, plaintiffs alleging a grievous data breach by Boston Medical Center (BMC) will see their data breach class action move forward after a Massachusetts Superior Court judge last month denied a petition by BMC to have the case dismissed.

The class-action data breach lawsuit is Walker and O’Rourke v. Boston Medical Center Corp, Case No. 2015-1733-BLS-1, Massachusetts Superior Court Business Litigation Session. Defendants are Boston Medical Center Corp., MDF Transcriptions and MDF owner Richard J. Fagan.

According to court documents, plaintiffs were notified by BMC about the breach. It was reported that sensitive medical records had been “inadvertently made accessible to the public through an independent medical record transcription service.” BMC, it has been reported, also noted in its communication to plaintiffs that BMC had “no reason to believe that [the release] led to misuse of any patient information.”

Be that as it may, plaintiffs weren’t happy with that position and alleged in the data breach lawsuit no fewer than seven violations. Among those alleged violations were claims for invasion of privacy, breach of confidentiality and breach of fiduciary duty.

The data breach lawsuit reflects a fear that is a common refrain whenever documents archived or maintained online are breached for any reason, and in any fashion: to wit, once data gets online, it remains online. Various breaches of data suffered by retail establishments, the health care industry and even the federal government have all occurred amidst claims that firewalls and encryptions have been more than sufficient.

In reality, it has been found that protections to ensure the preservation of data and other security measures were totally lacking, not sufficiently updated or inferior to technology and expertise already available, and utilized by hackers.

It has been reported that BMC moved to have the data breach lawsuit dismissed on grounds that, in the defendant’s view, no injuries had occurred and no misuse by unauthorized individuals had been found.

In deference to the position taken by the defendant(s), Judge Edward Leibensperger held that plaintiffs had indeed sufficient reason - and had presented enough factual data - to infer that personal information had been potentially accessed during the breach.

Further, the judge held that the communication itself to plaintiff(s) by BMC informing of the data breach was, in itself, sufficient cause to file a statement of claim.

Thus the data breach lawsuit will go ahead.