Christopher Brown reports:
Lamoille Health Partners Inc. must face a proposed class action alleging it negligently failed to protect the personal information of 60,000 people that was exposed in a data breach.
Lamoille Health wasn’t entitled to immunity from suit under the Public Health Service Act because the lawsuit’s data breach allegations weren’t interwoven with the provision of medical care, a requirement for immunity under the act, Judge William K. Sessions III of the US District Court for the District of Vermont said Thursday.
Read more at Bloomberg Law (subscription).
DataBreaches had reported the Lamoille breach from the time it first appeared on BlackByte’s leak site in July, 2022 through several updates to the situation. A check of HHS’s public breach tool indicates that HHS has not closed any investigation into this incident.