On January 28, 2021, Judge Vincent L. Briccetti of the U.S. District Court for the Southern District of New York granted-in-part and denied-in-part Northeast Radiology, P.C.’s and Alliance Healthcare Services, Inc.’s motion to dismiss claims arising out of a massive data breach caused by the companies’ failure to secure Northeast Radiology’s picture archiving and communication systems, which allowed unauthorized third-parties to access more than 1.2 million patients’ medical records. The data breach compromised highly sensitive personal information, including patients’ name, gender, age, date of birth, exam description, date or service, image, image description, and medical record number, which could correspond with patients’ Social Security number.

The Court refused to dismiss Plaintiff’s negligence, breach of contract, and N.Y. General Business Law Section 349 claims. The Court also rejected Defendants’ challenge to Plaintiff’s standing, holding that Plaintiff’s financial losses and time spent monitoring financial accounts and credit reports supported a finding of injury-in-fact. The Court also agreed that Plaintiff’s risk of future identity theft was sufficient to support standing, and that these injuries were fairly traceable to the data breach.

Lowey Dannenberg’s Christian Levis is leading the prosecution of this ongoing class action. The case is Cohen v. Northeast Radiology, P.C., No. 20-cv-1202 (VB) (S.D.N.Y.) and the opinion can be found here:

Please contact or Christian Levis (clevis@lowey.com) or Andrea Farah (afarah@lowey.com) with any questions about the case.