Having your ePHI dumped on the dark web by threat actors doesn’t necessarily give you standing to sue
In May, 2020, Assured Imaging in Arizona experienced a ransomware attack that they revealed in August, 2020. The incident reportedly impacted 244,813 patients. The data dump by the Pysa threat actors contained a lot of ePHI that appeared to be mostly mammography pre-screening histories or forms with data types such as medical record number, names, addresses, date of birth, referring physician, health insurance carrier information, and reason for scan with relevant personal and family history.
Earlier this month, Assured got some good news when a federal judge in Tucson dismissed a potential class action lawsuit against them, finding that the plaintiffs did not have standing to sue as they had not alleged an injury in fact. As Reuters reported:
Hinderaker agreed with Assured that the type of information potentially accessed – names, addresses, medical history and other patient data – don’t rise to the level needed to find a “certainly impending injury.”
Read more on Reuters.