Ohio District Court: No Standing Where Patients’ Medical Records “Might” Be Accessed Improperly Due To A Cybersecurity Vulnerability

On December 6, 2018, in Williams-Diggins v. Mercy Health, an Ohio district court granted the defendant’s motion to dismiss a putative class action related to a cybersecurity vulnerability in the Ohio-based medical provider’s computer systems that allegedly left patient health information publicly accessible online for years.

United States District Judge Jeffrey Helmick dismissed the case for lack of jurisdiction (among other reasons), finding that the plaintiff’s theories of harm—overpayment and risk of future exposure or breach of his sensitive health information—were insufficient to create Article III standing.

Click here, to continue reading on the Cleary Cybersecurity and Privacy Watch blog.