A panel of three Pennsylvania Superior Court judges has upheld a Common Pleas ruling that UPMC was not negligent following a data breach affecting 62,000 of the Pittsburgh health system’s employees in which thieves obtained the employees’ personal information, including Social Security numbers, addresses, salaries and bank account information.
The employees sued the health system in 2014 for negligence and breach of contract, saying it had not taken proper precautions to keep their personal data safe.
But the judges said that employees provided UPMC with their information for employment purposes, not under any contract promising to keep it safe.
In his May 2015 ruling dismissing the employees’ claims, Allegheny County Common Pleas Judge R. Stanton Wettick Jr. also noted that data breaches have become a widespread and sophisticated criminal activity, and that an entity whose information gets breached is also a victim.
Steve Twedt: email@example.com or 412-263-1963.