PACS hack lawsuit tossed
Dave Pearson | May 18, 2022 | Radiology Business | PACS
gavel.jpg

A federal judge has dismissed a class-action lawsuit filed by patients over a data breach at a four-location radiology practice and its countrywide parent company.

The plaintiffs alleged that a 2019-2020 hack of a picture archiving and communication system operated by Mount Kisco, N.Y.-based Northeast Radiology, which is corporately managed by 47-state Alliance HealthCare Services (now part of Akumin Inc.), had burdened them with an “ongoing imminent risk” of identity theft and fraud.

The claims included negligence, breach of contract, violation of a New York General Business Law section and “intrusion upon seclusion.” The patients added that, unlike credit-card theft, this type of privacy infringement gives the victimized no sure way to halt the dissemination of stolen personal information.

The PACS housed more than 1.2 million patient records, although the hack seems to have exposed those from only 29 patients.

Soon after notifying the public of the crime in 2020, Northeast stated there was “no evidence that any personal information was misused by the unauthorized individuals, and Northeast Radiology is not aware of any instances of fraud or identity theft as a result of this incident.”

In this week’s decision,[1] handed down Monday, U.S. District Judge Vincent L. Briccetti rejected the plaintiffs’ arguments and dismissed the case.

He ruled the plaintiffs, Jose Aponte II and Lisa Rosenberg, “failed to allege the type of concrete injury-in-fact necessary to sustain their claims under established standing principles.”

More from Briccetti’s decision as lightly edited for clarity by Law 360:

Even if plaintiffs lost some measure of privacy and that privacy was part of the bargain for medical services, [they] haven’t alleged any concrete harm from the alleged data breach. If plaintiff[s] bargained for data security, and no third party has misused [their] data, then plaintiffs have received exactly what [they] paid for.”

The judge further found that, contrary to the plaintiffs’ claims, Northeast had not “caused unauthorized access by third parties that intruded upon their seclusion,” which is a sufficient injury to confer standing, Law 360 notes.

Briccetti stated that the hackers, not the practice, improperly accessed the data.

More Coverage Related to Northeast Radiology and Alliance Healthcare Services:

Radiology provider launches investigation, notifies patients after hackers infiltrate PACS

Alliance Healthcare Services plans to ‘vigorously defend’ against ‘unfounded’ PACS-breach lawsuit

Akumin bills itself as nation’s No. 2 radiology services provider following $820M Alliance acquisition

Alliance HealthCare finalizes partnership deal with Northeast Radiology

ACR awards Northeast Radiology high distinction

 

Reference:

  1. Aponte et al. v. Northeast Radiology PC et al.” Filed May 16, 2022.

Dave Pearson
Dave Pearson

Dave P. has worked in journalism, marketing and public relations for more than 30 years, frequently concentrating on hospitals, healthcare technology and Catholic communications. He has also specialized in fundraising communications, ghostwriting for CEOs of local, national and global charities, nonprofits and foundations.

Related Content

Hospital system data sharing initiative leads to 80% of patients accessing their imaging records
Radiology AI developer Deepc acquires Osimis image management platform
Sectra 'Best in KLAS' among PACS vendors; Agfa, 3M, Fujifilm and Nuance also make imaging list
Best in KLAS 2024 rankings released, showcasing medical imaging IT systems
Optimizing reading efficiency to address radiologist shortages
Radiology embracing the flexibility of imaging data stored off-site in the cloud

Design by Adaptive Theme
Trimed Popup
Trimed Popup