For the second time, an Illinois court has dismissed a class-action suit brougt against Downers Grove, Ill.-based Advocate Health and Hospitals for a data breach occurring last summer, according to a Law360 report.
In July 2013, four unencrypted computers were stolen from Advocate's administrative building, putting the personal health information of more than 4 million patients at risk, one of the largest data breaches due to theft reported to date. In September, affected patients filed a class action lawsuit claiming Advocate violated patient privacy laws by failing to encrypt the computers and implement other security measures.
Illinois Sixteenth Judicial Circuit Court Judge James Murphy dismissed the case, saying the plaintiffs' argument that the hospital did not adequately secure patient data and thus increased the risk of harm was not sufficient to confer standing, according to the report. Additionally, he ruled the plaintiffs needed to prove their data had been misused. They lack standing to bring claims against Advocate because they did not allege, and would not be able to prove, the information on the stolen computers was accessed or used by third parties.
"Yes there is an increased risk of harm because it is unknown if, and when, the theft of computers would transmute or ripen into identity theft," Judge Murphy ruled, according to the report. "But there is no actually or impending certainty of identity theft."
The plaintiffs filed the case claiming Advocate was negligent and failed in its duty to protect patients' health information under the Illinois Personal Information Protection Act, Illinois Consumer Fraud Act and HIPAA, according to the report.
A judge in the Nineteenth Judicial Circuit dismissed a similar class action suit in May which alleged Advocate was liable for the data theft. Similarly, the judge ruled the plaintiffs did not having standing to bring the suit because there was not connection between the data on the laptops and a misuse of the patients' information.
Several cases against the health system regarding the data breach are still pending.
More Articles on Data Breaches:
7 Most Common Security Tools to Prevent Unauthorized Access
Blue Shield of California Announces Data Breach Affecting 18k Physicians
Nearly One-Third of HIPAA Complaints Are Not Actual Violations