A federal judge has tossed two plaintiffs' lawsuits against Universal Health Services over a 2020 ransomware attack that exposed their PHI, but has greenlighted a third plaintiff's lawsuit alleging the cyberattack caused him financial harm.
Five details:
1. In an opinion filed May 17 in the U.S. District Court for the Eastern District of Pennsylvania, U.S. District Judge Gerald McHugh dismissed two plaintiffs' claims that the ransomware attack against the King of Prussia, Pa.-based health system put them at a greater risk for identity theft.
2. The judge upheld claims from the third plaintiff, Stephen Motkowicz, that the ransomware attack and subsequent IT systems downtime delayed a surgery he needed to treat a medical condition.
3. Because of his delayed surgery, Mr. Motkowicz claimed he continued to miss work and then lost his employer-provided health insurance, forcing him to purchase a higher-cost insurance.
4. The judge ruled that Mr. Motkowicz's claim was enough to survive dismissal for now, but added that the theory of cause presented a "significant challenge" and would need to be further evaluated after more investigation.
5. UHS lost $67 million from the malware attack last year, which caused patients to seek care elsewhere and the health system to incur expenses from restoring its operating and IT systems.