Increased Risk of Harm Not Grounds For Advocate Health Breach Lawsuit

Share this article on:

An Advocate Health breach lawsuit was recently deemed to be too speculative to warrant a class-action claim for damages. The Illinois Appellate Court recently ruled that an increased risk of suffering harm as a result of an exposure of confidential health data, is insufficient by itself to confer standing in a class-action data breach claim. The risk of harm was not deemed to be severe enough to warrant a data breach class action lawsuit. For damages to be awarded, evidence of actual harm must be provided.

The case, Maglio v. Advocate Health and Hospitals Corporation, was filed by Matias Maglio on behalf of Macailee Maglio, Alexander Gill, and a number of other patients and next friends of minors’ affected by the breach. The plaintiffs allege they face an increased risk of suffering identity theft and fraud as a result of the exposure of their Protected Health Information (PHI). No identity theft had yet been reported or been suffered by any of the patients named on the lawsuit. The threat of fraud and loss was believed to be sufficient grounds for the compliant.

The defendants moved to dismiss the case, maintaining the theft of data was not sufficient grounds for any claim for damages, and said the complaint was simply too speculative in nature with no cognizable injury-in-fact suffered by any of the plaintiffs.

The trial court dismissed the case and now too the Illinois Appellate Court. Because there has been no palpable injury suffered by the breach victims, the case was deemed to have no standing. Emotional injury was also claimed to have been suffered by the plaintiffs as a result of the data theft, but the same conclusion was drawn by the court and the emotional damage claim was also considered to be too speculative in nature.

Recent Rulings Have Been in Favor of Plaintiffs


While the Illinois state courts may not be ruling in favor of plaintiffs who file class-actions without having suffered fraud, had their identity stolen or otherwise suffered measurable losses, the same is not the case in other U.S states. In recent weeks a number of court decisions have gone in favor of plaintiffs, even without injuries having been suffered as a direct result of PHI exposure.

However, the recent ruling is unlikely stem the tide of class-action lawsuits that are being filed for breaches of healthcare data and Social Security numbers. With another two multi-million record data breaches reported in recent weeks, more lawsuits than ever are expected to be filed by breach victims seeking damages.

Class action claims for healthcare data breaches may be threatening to swamp the U.S court system, but the Illinois state courts may feel the burden ease. It is probable that class-action data breach lawsuits will be filed in more favorable states over the coming few months in light of the recent ruling.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On