BJC HealthCare Email Data Breach Lawsuit Survives Motions to Dismiss

Share this article on:

A class action lawsuit filed by two former patients against BJC HealthCare over a March 2020 email data breach has survived two motions to dismiss.

Leaha Sweet and Bradley Dean Taylor took legal action against St. Louis-based BJC HealthCare in September 2020 after being notified that their protected health information had potentially been compromised in a data breach.

BJC HealthCare had discovered the email accounts of three of its employees had been accessed by unauthorized individuals. The email accounts contained a range of sensitive patient data including Social Security numbers, driver’s license numbers, dates of birth, medical record numbers, patient account numbers, and treatment and clinical information.

The lawsuit listed 10 counts against the defendants: Unjust enrichment, breach of contract, negligence, negligence per se, breach of covenant of good faith and fair dealing, invasion of privacy, vicarious liability, bailment, and violations of the Missouri Merchandising Practicing Act (MMPA) and Illinois Consumer Fraud and Deceptive Business Practices Act (ICFA).

The defendants – BJC HealthCare and BJC Collaborative, LLC – filed two separate motions to dismiss, arguing that the United States District Court for the Southern District of Illinois lacked personal jurisdiction over BJC HealthCare, that the plaintiffs failed to allege an injury sufficient to confer standing, that the compliant should be dismissed in its entirety for failure to state a claim, and that individual counts should be dismissed for the failure to state a claim.

In a June 29, 2021 order, Chief Judge Nancy J. Rosentengel dismissed the invasion of privacy claim as Illinois law states that the party alleging an invasion of privacy must demonstrate the act was intentional. The plaintiffs were unable to prove that was the case. The claim of bailment was also dismissed as the plaintiffs did not allege that they sought a return of their property (their protected health information) or that the health system had failed to return it.

The lawsuit will now proceed and BJC Healthcare must face the remaining 8 counts.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On