Associated Press reports:
A University of Pittsburgh Medical Center employee has sued the hospital network for credit restoration services and identity theft insurance in the wake of a data breach that has seen hackers use the personal information of hundreds of employees to file bogus federal income tax returns.
Alice Patrick, who works at UPMC McKeesport hospital, filed her lawsuit against UPMC and Ultimate Software Group Inc., of Weston, Florida, on Friday in U.S. District Court. UPMC isn’t commenting, but an executive with a Florida payroll processing firm is denying the company has anything to do with the data breach affecting as many as 27,000 UPMC employees.
Mitchell Dauerman, the company’s executive vice president, said he doesn’t believe UPMC or any of its subsidiaries are clients of Ultimate Software, and may have been sued by mistake.
Read more on The Tribune.
If Ultimate Software Group was sued in error, it would be the second recent breach where that’s happened. Two banks withdrew their lawsuits against Trustwave after finding out Trustwave’s role wasn’t what they thought it was with respect to Target’s massive data breach. In that case, though, Trustwave was involved in Target. In this case, is Ultimate even connected to UPMC?
Because lawsuits can cause reputation harm, even if they’re dismissed later, I would hope that plaintiffs are investigating a bit more before lodging suits. Patrick’s lawsuit is not yet available on PACER, so I don’t know why she alleges Ultimate Software Group had any responsibility, but I’ll follow up.