Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Dittman v. UPMC

Commonwealth Court of Pennsylvania

May 28, 2015

BARBARA A. DITTMAN, GARY R. DOUGLAS, ALICE PASTIRIK, JOANN DECOLATI, TINA SORRENTINO, KRISTEN CUSHMAN, and SHANNON MOLYNEAUX, individually and on behalf of all others similarly situated, Plaintiffs
v.
UPMC d/b/a THE UNIVERSITY OF PITTSBURGH MEDICAL CENTER, and UPMC McKEESPORT, Defendants

          Counsel for Plaintiffs: Gary F. Lynch, Esquire Edwin J. Kilpela, Jr., Esquire Benjamin J. Sweet, Esquire Jamisen A. Etzel, Esquire Michael L. Kraemer, Esquire David M, Manes, Esquire Elizabeth Pollock-Avery, Esquire Karen Hanson Riebel, Esquire

          Counsel for Defendants: John C. Conti, Esquire Christopher T. Lee, Esquire Andrew T. Tillapaugh, Esquire

          OPINION AND ORDER OF COURT

          HONORABLE R. STANTON WETTICK, JR.

         The preliminary objections of defendants ("UPMC") seeking dismissal of both counts within plaintiffs' two-count Second Amended Class Action Complaint are the subject of this Opinion and Order of Court.

         The named plaintiffs and the members of the class consist of all 62, 000 UPMC employees as well as an untold number of former employees, whose names, birthdates, social security numbers, confidential tax information, addresses, salaries, and bank account information were stolen from UPMC's computer systems. The Complaint alleges that UPMC had a duty to protect the private, highly sensitive, confidential and personal financial information, and the tax documents of plaintiffs and the members of the proposed class (Second Am. Compl. ¶ 28).

         Apparently to show the magnitude of the problem of thefts of confidential information, plaintiffs allege that a 2013 Identity Fraud Report released by Javelin Strategy & Research states that in 2012 identity fraud incidents increased by more than one million victims and fraudsters stole nearly $21 billion. This study found 12.6 million victims of identity fraud in the United States in the past year, which equates to one victim every three seconds. The Report also found that nearly one in four data breach letter recipients became a victim of identity fraud, with breaches involving Social Security numbers to be the most damaging (Second Am. Compl. ¶ 30).

          COUNT I-NEGLIGENCE

         In Count I-Negligence-plaintiffs allege that UPMC had a duty to exercise reasonable care to protect and secure its employees' personal and financial information within its possession or control from being compromised, stolen, lost, misused, and/or disclosed to unauthorized parties.

         Paragraphs 52-62 of plaintiffs' negligence count read as follows:

52. Plaintiffs incorporate and re-allege each and every allegation contained above as if fully set forth herein.
53. UPMC had a duty to exercise reasonable care to protect and secure Plaintiffs' and the members of the proposed Classes' personal and financial information within its possession or control from being compromised, lost, stolen, misused, and/or disclosed to unauthorized parties. This highly confidential personal and financial information includes but is not limited to Social Security numbers, dates of birth, full legal names, addresses, bank account information, and other personal information.
54. UPMC's duty included, among other things, designing, maintaining, and testing its security systems to ensure that Plaintiffs' and the members of the proposed Classes personal and financial information in their possession was adequately secured and protected.
55. UPMC further had a duty to implement processes that would detect a breach of its security systems in a timely manner.
56. In light of the special relationship between Plaintiffs and members of the proposed Classes and UPMC, whereby UPMC required Plaintiffs and members of the proposed Classes to provide highly sensitive confidential personal and financial information as a condition of their employment, UPMC undertook a duty of care to ensure the security of such information,
57. Through its acts or omissions, UPMC breached its duty to use reasonable care to protect and secure Plaintiffs' and the members of the proposed Classes' personal and financial information within its possession or control. UPMC breached its duty by failing to adopt, implement, and maintain adequate security measures to safeguard Plaintiffs' and members of the proposed Classes' personal and financial information, failing to adequately monitor the security of its network, allowing unauthorized access to Plaintiffs' and the members of the proposed Classes' personal and financial information, and failing to recognize in a timely manner that Plaintiffs' and members of the proposed Classes' personal and financial information had been compromised.
58. UPMC's failure to comply with widespread industry standards relating to'data security, as well as the delay between the date of the intrusion and the date Plaintiffs and members of the proposed Classes were informed of the Data Breach further evidence UPMC's negligence in failing to exercise reasonable care in safeguarding and protecting Plaintiffs' and the members of the proposed Classes' personal and financial information in its possession or control.
59. But for UPMC's wrongful and negligent breach of the duties owed to Plaintiffs and the members of the proposed Classes, the Data Breach would not have occurred and Plaintiffs' and the members of the proposed Classes' personal ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.