A class-action lawsuit filed against imaging chain Northeast Radiology and partner Alliance Healthcare Services over a PACS data breach in 2020 has been dismissed by the U.S. District Court for the Southern District of New York.
The breach occurred when hackers took over the PACS network at Northeast Radiology. About 29 patients were estimated to have been affected by the breach.
Northeast Radiology's partner Alliance Healthcare Services first notified the radiology group about a potential breach in January. Alliance then launched an investigation with a forensic security company, which found unauthorized individuals accessed a system that could have included patients' names, dates of birth, and medical record numbers linked to Social Security numbers.
The lawsuit filed by Jose Aponte II and Lisa Rosenberg alleged that the defendants had failed to protect the plaintiffs' electronic protected health information from unauthorized disclosure. They claimed negligence, breach of contract, breach of implied contract, violation of New York business law, and "intrusion upon seclusion," according to court documents.
In dismissing the case, the court agreed with the defendants that the plaintiffs did not have the standing to bring this action.
"Accordingly, because plaintiffs do not allege that they have suffered, or will imminently suffer, an injury-in-fact, plaintiffs have not established that they have standing," wrote U.S. District Judge Vincent Briccetti.