Attorneys for Logan Health want the class-action lawsuit filed by the victims of the November data breach to be dismissed, arguing that the plaintiffs failed to prove the hack caused harm.

The lawsuit, filed in Flathead County Court in March, accuses the non-profit organization of failing to prevent hackers from accessing a file server containing business shares. These computer files contained patient information, but not medical records, as forensic investigators later determined.

As a result of the hack, the personal data of more than 213,000 patients were exposed, of which 174,761 were residents of Montana. In a February 18 letter announcing the break-in, Logan Health officials described the incident as a “highly sophisticated criminal attack.”

Lawyer Mark Kovacich of Great Falls-based Odegaard Kovacich Snipes blamed the nonprofit for failing to protect patient data and argued in the lawsuit that the breach left his clients vulnerable to fraud, among other losses.

“Because of [Logan Health’s] failure to protect their information, plaintiffs and class members will be at increased risk of identity theft for the rest of their lives,” the lawsuit says.

The lawsuit seeks financial compensation, reimbursement of legal fees, and paid identity theft monitoring for an additional five years on top of what the medical provider offers to victims, and asks the court to order Logan Health to further protect sensitive data.

BUT LAWYERS for Logan Health say Kovacich and his clients were unable to show any actual damage from the data breach. In a 26-page response filed in the district court on June 1, the non-profit organization requested that the lawsuit be dismissed.

As evidence of the harm caused by the hack, the lawsuit alleges that the two named plaintiffs, Farrah Beretta and Illichia Birk, experienced an increase in phishing and scam attempts in the months following the hack. These two, along with other patients, faced the risk of future identity theft, the expected loss of money spent on identity theft protection, and the loss of privacy.

“Notably, Plaintiffs do not allege that they suffered identity theft or fraud or actually incurred any costs as a result of the incident,” rebutted Gary Zadick of Ugrin Alexander Zadick, the Great Falls law firm representing Logan Health in the case.

Zadick’s motion for dismissal and the accompanying memorandum criticize the plaintiffs for not having the legal capacity to sue, a burden they must shoulder. According to the motion, the lawsuit does not provide evidence of any financial loss – current or impending – suffered by the pair as a result. Plaintiffs’ other alleged damages, including loss of time, invasion of privacy, and efforts expended to protect against identity theft, “are not specific injuries recognized by the courts,” the motion asserts.

In addition, the lawsuit alleged that Beretta’s credit rating dropped after the breach, arguing that the drop was not due to any action she took. Zadick’s response notes that there is no connection between the hack and Beretta’s new credit rating.

“She does not allege any specific instances of fraud that could have caused her credit score to be downgraded, and does not in fact allege that the downgrade is related to this incident,” the petition reads. “There are several reasons why a credit score could be lowered without specific action, such as failure to make payments on existing debts or requesting a loan from a third party.”

THE LEGAL ACTION listed seven grounds for compensation on behalf of Kovacich’s clients. It charged Logan Health with negligence, breach of explicit contract, breach of implied contract, breach of fiduciary duty twice, violation of Montana’s Annotated Computer Security Code, and unjust enrichment.

Zadick’s motion to dismiss takes on all seven. With regard to negligence, the response asserts that there was no evidence of financial damage. The document notes that for breach of contract, the lawsuit mentions the nonprofit’s practices regarding confidentiality, but not the actual written agreements.

With regard to invasion of privacy, the response states that Logan Health did not invade the privacy of the plaintiffs.

“No act or omission by Logan Health was intentional and Logan Health itself did not commit the alleged intrusion,” the petition says.

With regard to breach of fiduciary duty, Zadick argues that data security does not depend on the primary exchange of services between patients and Logan Health – medical care. Regarding the alleged violation of the annotated Montana Code, which is related to the timeliness of Logan Health’s announcement of a data breach, the petition argues that the law does not provide for civil liability. In addition, Logan Health warned patients about the break-in in February after confirming the incident in January.

Finally, focusing on unjust enrichment, the petition again notes that Logan Health provided medical services in the first place and did not benefit from the collection of patients’ personal information and did not share this data with other parties.

The argument that part of the plaintiffs’ medical fees went to data protection also does not hold water, the motion says.

“Plaintiffs do not allege that Logan Health did not provide medical services that [they] paid, or even that they were provided inadequately,” it says. “Plaintiffs also don’t allege how much of the money they paid Logan Health was for data privacy versus medical services, making their claim impossible to pursue.”

Zadick asked that the case be dismissed with prejudice, meaning it could not be resubmitted against Logan Health. District Judge Robert Ellison is in charge of the case.

News editor Derrick Perkins can be contacted at 758-4430 or email [email protected]