Attorneys for Assured, LLC, the Arizona-based provider of mobile digital mammography and other women's health imaging solutions, have successfully argued for dismissal of a complaint which alleged harm caused in connection to a ransomware attack that occurred in May of 2020.
On May 19, 2020, Assured first learned that its electronic medical records system had been encrypted by ransomware. Following an investigation in August of 2020, the company issued a statement notifying the 244,813 potentially affected patients that some of their confidential medical information may have been compromised.
The lawsuit filed in District Court on behalf of the affected class — represented by attorneys Hart Robinovitch and David Lietz — alleges that, among other injuries caused by Assured’s conduct or negligence, the plaintiffs’ confidential medical information was stolen, which resulted in damages in the form of time and money spent monitoring credit, as well as severe emotional distress and anxiety related to the increased risk that the class will be targeted for fraud at some point in the future.
In December of 2020, attorneys for Assured filed a motion to dismiss plaintiffs’ first amended class action complaint on the grounds that it failed to set forth injuries sufficient to meet the Constitution’s Article III requirements for standing in federal court. The court agreed.
Judge John C. Hinderaker, in his decision filed on May 10, 2021, concluded that the plaintiffs’ allegations, in addition to the speculative nature of the purported injuries, lacked sufficient confirmation that the medical information in question was in fact stolen, according to Reuters
The court distinguished this matter, which involves information that is limited to items such as patient identity, address, and medical reports, from cases in which the stolen data in question included items such as social security and credit card numbers or other data that are arguably more immediately exploitable by fraudsters.
The rapid adoption of telemedicine and other remote digital services to meet the needs of patients during the COVID-19 pandemic may have contributed to an increase in data security vulnerabilities in the healthcare sector — which has seen a 580% rise in ransomware extortion attacks
since the beginning of the pandemic.