Logan Health’s lawyers want a class action lawsuit filed by victims of a data breach in November to be dismissed, arguing that the plaintiffs cannot prove that the hack caused harm.
Filed in Flathead County Court in March, the case accuses the nonprofit organization of failing patients by failing to prevent hackers from accessing a file server containing shared business folders. These computer files contained information about the patient, but not medical records, as forensic scientists later found.
The private data of more than 213,000 patients – 174,761, including Montana residents – were revealed during the hacking. Logan Health officials described the incident as a “very complex criminal attack” in a February 18 letter reporting the violation.
Great Falls-based lawyer Mark Kovacic has assigned Odegaard Kovacich Snipes responsibility for protecting patients’ data at the organization’s feet at a non-profit, claiming in court that the breach left his clients vulnerable to fraud, among other losses.
“Because [Logan Health’s] if they do not protect their information, plaintiffs and class members will be at increased risk of identity theft for the rest of their lives, the lawsuit said.
The lawsuit seeks financial compensation, reimbursement of court fees, monitoring of paid identity theft for an additional five years beyond what medical clothing offers victims, and asks the court to direct Logan Health to further provide confidential information.
BUT THE LAWYERS Logan Health says Kovacic and his clients have failed to show any real damage from the data breach. In a 26-page response filed with the district court on June 1, the nonprofit called for the lawsuit to be dismissed.
As evidence of the damage caused by the hacking, the lawsuit alleges that the two plaintiffs, Fara Beretta and Ilihia Birk, experienced an increase in phishing and fraud attempts in the months following the violation. Both, along with other patients, suffered from the risk of future identity theft, expected loss of money spent on protection against identity theft and loss of confidentiality.
“In particular, the plaintiffs do not allege that they suffered identity theft or fraud, or actually incurred any costs as a result of the incident,” said Gary Zadik of Ugrin Alexander Zadick, a law firm in Great Falls representing Logan Health. on the case.
Zadick’s proposal for rejection and the accompanying memorandum accuse the plaintiffs of lack of legitimacy to sue, a burden they must face. The court does not offer evidence of any financial damage – current or forthcoming – suffered by the couple as a result, according to the proposal. Other alleged damages to the plaintiffs, including loss of time, privacy and efforts to protect against identity theft, “are not specific injuries accepted by the courts”, the proposal said.
In addition, the lawsuit alleges that Beretta’s credit rating declined after the breach, arguing that the decline was not due to any action she took. Zadik’s response noted the lack of a link between the hack and Bereta’s new credit rating.
“She does not claim any specific incidents of fraud that would lead to a downgrade of her credit rating, and in fact she does not claim that the reduction is related to the incident,” the proposal said. “There are many reasons why someone’s credit rating may be downgraded without taking specific action, such as non-payment of existing debts or a third party credit inquiry.
THE CASE lists seven grounds for compensation on behalf of its applicants. He accused Logan Health of negligence, breach of express contract, breach of implied contract, breach of fiduciary duty twice, breach of Montana’s annotated code for computer security and unjust enrichment.
Zadik’s proposal for dismissal requires all seven. For negligence, the reply again states the lack of evidence of financial damage. In the event of a breach of contract, the document notes that the case refers to the non-profit’s confidentiality practices, but not to actual written agreements.
As regards the invasion of privacy, the reply stated that Logan Health had not interfered with the applicants’ confidentiality.
“No action or omission of Logan Health was intentional and Logan Health itself did not carry out the alleged intrusion,” the proposal said.
Addressing the breach of fiduciary duty, Zadik argues that data security is independent of the basic exchange of services between patients and Logan Health – medical care. As for the alleged annotated breach of the Montana Code, which revolves around the timeliness of Logan Health’s data breach report, the proposal argues that the law does not provide for civil liability. Logan Health also warned patients about the hacking in February after confirming the incident in January.
Finally, focusing on unjust enrichment, the proposal reiterates that Logan Health mainly provides medical services and has not benefited from the collection of personal information from patients and has not passed this data on to other countries.
The argument that part of the plaintiffs’ fees for medical services went for data protection is also unsubstantiated, is concluded in the request.
“The plaintiffs do not claim that Logan Health did not provide the medical services that [they] paid or even inadequately provided, ”it said. “The plaintiffs also fail to state how much of the money they paid Logan Health was for the confidentiality of the data compared to medical services, making their claim impossible to assess.”
Zadik demanded that the case be rejected with prejudice, which means that it cannot be re-filed against Logan Health. District Judge Robert Alison is overseeing the case.
News editor Derrick Perkins can be found at 758-4430 or [email protected]