Judge rules post-breach lawsuit allowable against Boston Medical Center

A lawsuit may soon be filed against Boston Medical Center Corp. (BMC) after a judge in the Massachusetts Superior Court ruled that a plaintiff had the right to sue the health system following a breach of their medical records.

In the case, Walker et al v. Boston Medical Center Corp., a patient says that BMC sent them notices that their medical records were "inadvertently made accessible" through an online record transcription service, according to a blog post from Mintz Levin law firm.

BMC tried to dismiss the standing, according to the post, saying exposure of private data without any resulting harm is not enough to sue for financial damages. However, the court denied that motion and said a "real and immediate risk" of injury was sufficient for a plaintiff to demonstrate the standing. 

This shows that even just the exposure of private health information, and the potential that it could be used by the wrong person, may be enough for a lawsuit to be filed, the blog's authors write.

However, they conclude that "any longer lasting principles that develop out of this case may have to await further proceedings to establish what, if any, harm resulted from the breach."

Lawsuits over data breaches and cyberattacks are growing in the healthcare industry. A breach at UCLA Health in July promted a class-action lawsuit only a week after the attack had been disclosed.

In addition, Matthew Karlyn, a partner at Foley & Lardner LLP, told the Wall Street Journal over the summer that chief information officers may soon have to be prepared to be sued themselves.

"We are absolutely going to see more CIOs taking the fall and ultimately being named in lawsuits" Karlyn said.

However, some similar lawsuits over breaches have also been dismissed.

To learn more:
- read the blog post

Read more on