Slashdot Mirror

← Back to Stories (view on slashdot.org)

Federal Court: Theft of Medical Records Not an 'Imminent Danger' To Victim

Posted by Soulskill on from the physician-secure-thy-networks dept.

chicksdaddy writes: A federal court in Texas ruled last week that a massive data breach at a hospital in that state didn't put patients at imminent risk of identity theft, even when presented with evidence that suggested stolen patient information was being used in attempted fraud and identity theft schemes. According to a post over at Digital Guardian's blog Beverly Peters was one more than 400,000 patients of St. Joseph Hospital whose information was stolen by hackers in an attack that took place between December 16 and 18, 2013.

Peters alleged that her personal information had been exposed in the breach and then disseminated in the public domain, where it was being "misused by unauthorized and unknown third parties." Specifically: Peters reported that, subsequent to the breach at St. Josephs, her Discover credit card was used to make a fraudulent purchase and that hackers had tried to infiltrate her Amazon.com account — posing as her son. Also: telemarketers were using the stolen information. Peters claimed that, after the breach, she was besieged with calls and solicitations for medical products and services companies, with telemarketers asking to speak to her and with specific family members, whose contact information was part of the record stolen from St. Joseph's.

As a result, Peters argued that she faced an "imminent injury" due to "increased risk" of future identity theft and fraud because of the breach at St. Joseph, and wished to sue the hospital for violations of the Fair Credit Reporting Act (FCRA). But the court found otherwise, ruling that Peters lacked standing to bring the case in federal court under Article III of the Constitution. That was because she hadn't been able to prove any direct damages from the attempted identity theft that occurred in the past (Discover reversed the fraudulent charge), while the threat she faced in the future was not "imminent."

As this article notes, the ruling turns on a high profile case involving government surveillance and the now-infamous FISA courts dating back to the Carter administration: Clapper v. Amnesty International USA. In that case, the U.S. Supreme Court ruled against the human rights group and a collection of lawyers and reporters in a challenge to part of the Foreign Intelligence Surveillance Act (FISA). The plaintiffs said they feared that their sources, colleagues and clients would be targets of U.S. government surveillance, and the threat would force them to take expensive security measures to keep their communications private. The High Court ruled otherwise, saying the threat of government surveillance was hypothetical, but not "certainly impending."

In his 15 page ruling (PDF), U.S. District Judge Kenneth Hoyt said the same logic applied to Peters' suit as well. "Under Clapper, Peters must at least plausibly establish a "certainly impending" or "substantial" risk that she will be victimized," Hoyt wrote. "The allegation that risk has been increased does not transform that assertion into a cognizable injury.

149 comments

  1. Exactly! by hsmith · · Score: 5, Funny

    Because just like a credit card number when that is lost / stolen, they can just issue you a new medical history. They can undo the fact you may have diabetes, cancer, HIV, MS, heart disease all really easily and it won't impact your life at all.

    1. Re:Exactly! by monkeyzoo · · Score: 2

      This story is so F*ed up! It makes me sad, angry, and scared!!!
      I there any further appeal going to take place, or is this it?!

    2. Re:Exactly! by gweihir · · Score: 3, Insightful

      Indeed. It shows that the legal system is fundamentally broken and incapable of dealing with the problems arising in an information-based society. No surprise.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:Exactly! by MobSwatter · · Score: 1

      I would tend to disagree on theft with no victims. What happens when the person that got their medical records stolen finds this was promoted by or done by the people that now harass them on the phone. And when said victim shows up on their doorstep with a baseball bat because the law (not unlike 9/11) failed to act and have now produced case law that will prevent them from having to act on it in the future? I think their are more individual people than corporations, think the law will fail to act on backlash?

    4. Re:Exactly! by easyTree · · Score: 1

      So... which is this? stupidity or corruption?

      --
      Requiem for the American Dream
    5. Re:Exactly! by weilawei · · Score: 1

      Are the two mutually exclusive?

    6. Re:Exactly! by gtall · · Score: 5, Insightful

      No, it shows that a judge in Texas is screwed up. Arguing from a single point to an entire set of points is generally a hard argument to make, I suggest you take Logic 101.

    7. Re:Exactly! by Anonymous Coward · · Score: 0

      I 3 the nation state. Our great benevolent farmers tending their chattle.

    8. Re:Exactly! by easyTree · · Score: 1

      Yes.

      --
      Requiem for the American Dream
    9. Re:Exactly! by HiThere · · Score: 1

      If this were a single data point, I would agree with you. Unfortunately, it's merely the most recent.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    10. Re:Exactly! by Anonymous Coward · · Score: 0

      It shows that most judges are fundamentally retarded.

    11. Re:Exactly! by The+Wild+Norseman · · Score: 1

      "Hey, I've always wanted to have sex with two beautiful women such as yourselves, but I've never had the nerve. Well, I'm dying of cancer and... well... here. Let me show you my medical records first."

      --
      "A government is a body of people usually -- notably -- ungoverned." -Shepherd Book
    12. Re:Exactly! by Aighearach · · Score: 1

      Of course there will be appeals, and of course this is just another weird decision from Texas that will get reversed by the Appeals Court.

      Not really sure why it hit slashdot before an appeal. This is routine nonsense a case has to go through when you're suing anybody with deep pockets. Justice will be delayed, but not denied; the wheels of Justice turn slowly, but they do turn.

    13. Re:Exactly! by datavirtue · · Score: 1

      The judge does not want to make a ruling that would set precedent for preserving the privacy of medical data as information the government does not have a right to...a ruling that would eventually be overturned in another case loosely related to medical privacy...like this one.

      --
      I object to power without constructive purpose. --Spock
    14. Re:Exactly! by Sarten-X · · Score: 1

      This is a perfectly predictable ruling. Frankly, I'm amused that a lawyer even took the case to court.

      The legal use of the term "imminent" doesn't mean "probably going to happen". "Imminent" means that, barring exceptional circumstances or luck, a particular result will happen before anyone has a reasonable chance to stop it.

      Aim a loaded gun at someone and pull the trigger, and injury is imminent. Aim at a vital area, and death is imminent. Leave a knife in an unlocked drawer when a young child is nearby who could get the knife and harm himself... not imminent. In this case, the breach didn't cause any imminent harm. The culprit had an opportunity to not sell or use the data, so there's a break in the causality. From a legal standpoint, the hospital is not at fault for someone else deciding to steal an identity, even though they may have made it easier to do so with their lax security. In precisely the same manner, a gun dealer isn't liable for an apparently-benign buyer killing someone with a recently-purchased weapon.

      That's really what the decision means. The hospital didn't directly cause the use of a stolen identity, so they're not at fault for that particular offense. There probably is still a HIPAA violation somewhere in this mess, though, and they'd be liable for that (because the administration would have made the decision not to implement strong enough security), but that's not the lawsuit in question.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    15. Re: Exactly! by Anonymous Coward · · Score: 0

      You mean like someone actively trying to hack her accounts? Wait, you're right! That's immediate...

  2. We Are Just Serfs by Anonymous Coward · · Score: 2, Insightful

    So, basically, it seems from now on that attempted murder is going to be dropped as a crime, because a bullet would actually have to hit you, or at least graze you, in order for there to be a risk of harm? This is just another sign that the corporatocracy that we live in is never again going to recognize and respect the rights of individuals that are bearing the brunt for sloppy security and an unwillingness to recognize -- or care about -- the danger that results from it.

  3. Hey, no worries. It's no big deal by NotDrWho · · Score: 4, Interesting

    I wonder if Judge Kenneth Hoyt would be cool with hackers openly posting all of his personal info online. After all, it's not a cognizable injury or anything.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
    1. Re:Hey, no worries. It's no big deal by monkeyzoo · · Score: 4, Insightful

      Open call to doxx the judge? Anonymous, are you listening?
      And then if the gov't catches the hackers, they can just say, hey there was no harm!!! He said so himself!

    2. Re:Hey, no worries. It's no big deal by g0bshiTe · · Score: 1

      Dox him and let's find out.

      --
      I am Bennett Haselton! I am Bennett Haselton!
    3. Re:Hey, no worries. It's no big deal by Anonymous Coward · · Score: 0

      It would be interesting to see if that changed his mind.

    4. Re:Hey, no worries. It's no big deal by NatasRevol · · Score: 1

      No need to dox him. Just find out what hospital his medical records are at...

      --
      There are two types of people in the world: Those who crave closure
    5. Re:Hey, no worries. It's no big deal by Gr8Apes · · Score: 3, Insightful

      While normally I'd say no, in this case, the only way this judge will see the light is to personally experience just exactly what it means to be hacked. He's already demonstrated a total lack of understanding with actual evidence thrown in front of him, so maybe the experience will enlighten him. Would his position be the same with the meth-addicted gun toting neighbor that shoots randomly into the neighborhood yesterday, that he's not an imminent threat today.... some people are just idiots.

      --
      The cesspool just got a check and balance.
    6. Re:Hey, no worries. It's no big deal by easyTree · · Score: 1

      Where... was the line between opinion and incitement, again?

      Wherever the guy weighing the contributions from those with vested interests decides it is?

      --
      Requiem for the American Dream
    7. Re:Hey, no worries. It's no big deal by tnk1 · · Score: 5, Insightful

      I don't know that this is entirely fair. While a lot rides on a judge's opinion, in the end, the judges are only supposed to interpret the law and precedents from higher courts, not make things up as they go along. If there had been no precedent (ie. the Clapper decision), he may have felt more free to define a better test for "imminent threat".

      Most lower court judges work to make sure their decisions will pass muster on appeal. That requires them to respect precedents or you can be sure that those judges will be constantly overruled on appeal. And if a judge is constantly overruled on appeal, it means that more cases end up waiting on appeals and fewer cases can be heard. If the Supreme Court is constantly having to decide cases that end up in their lap on appeal, they'll have no time to ensure the most important ones get their time. If a judge becomes a passthrough to an appeal, that judge will have their reputation and possibly their career suffer.

      There is a reason that judges are appointed, sometimes for life. They're supposed to be accountable to the law, not the electorate directly. If we have a problem with definitions, we need to get legislation with the right definitions. I am not suggesting that anyone get doxxed, but if someone was to be, it needs to be legislators.

    8. Re:Hey, no worries. It's no big deal by RingDev · · Score: 1

      Not saying that this judge is deserving of a doxxing, but I would like to point out his trial history: http://www.plainsite.org/judge...

      Which includes almost $300,000 in civil forfeiture cases in southern Texas. Those cases most folks refer to as "state-sanctioned highway robbery".

      -Rick

      --
      "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
    9. Re:Hey, no worries. It's no big deal by Kaenneth · · Score: 4, Informative

      True:

      http://en.wikipedia.org/wiki/V...

      "Congress passed the VPPA after Robert Bork's video rental history was published during his Supreme Court nomination."

    10. Re:Hey, no worries. It's no big deal by wiredlogic · · Score: 3, Insightful

      You don't get a free pass to throw out common sense when you enter the judiciary.

      --
      I am becoming gerund, destroyer of verbs.
    11. Re:Hey, no worries. It's no big deal by NotDrWho · · Score: 1

      No doxxing, please (two wrongs don't make a right). The guy's apparently well-known already anyway, and quite the infamous judicial nutcase. A classic case for why judges shouldn't be allowed to serve for life.

      --
      SJW's don't eliminate discrimination. They just expropriate it for themselves.
    12. Re:Hey, no worries. It's no big deal by Anonymous Coward · · Score: 0

      "Judge" implies the use of judgement when making decisions. If judges are only going to behave as mindless automatons they should be called something else.

    13. Re:Hey, no worries. It's no big deal by tnk1 · · Score: 1

      Yes, but if common sense does not conform to a legal precedent, the precedent wins. That's the system. If the precedent needs changing, then the higher court needs to act on it, or it needs to be overridden by legislation.

      If there is no precedent, then sure, the judge can apply their own sense with a lot more leeway.

      The problem is that when you expect a judge to use their "common sense", what that is varies for every person, even if just a little bit. Judges are in a position to legislate from the bench without being elected by anyone, so if you let them use "common sense", you may not always like the result.

      This is already an issue, but it is mostly tamed by making the strongest precedents made by the Supreme Court, which are more likely to be noticed by the legislature, and the people, and overridden by others.

    14. Re:Hey, no worries. It's no big deal by HiThere · · Score: 1

      If judges are only going to behave as mindless automatons, they should be replaced by cheaper ones that don't take time off and work 24/7.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    15. Re:Hey, no worries. It's no big deal by redlemming · · Score: 1

      I don't know that this is entirely fair. While a lot rides on a judge's opinion, in the end, the judges are only supposed to interpret the law and precedents from higher courts, not make things up as they go along. If there had been no precedent (ie. the Clapper decision), he may have felt more free to define a better test for "imminent threat".

      You've forgotten that this is the USA, where the highest law of the land is the Bill of Rights.

      The Anti-Federalists opposed the original Constitution on many grounds, including a) there was no Bill of Rights, and b) any Bill of Rights would be incomplete.

      During the ratification process, promises were made that this issue would be dealt with. James Madison wrote a Bill of Rights, and cleverly made it open-ended, by providing for unspecified rights retained by the people (9th Amendment) and reserved to the people (10th Amendment), allowing the future assertion of rights as needed.

      Thus, interpreting the law, in this country, is supposed to mean the judges consider not just precedents by their peers, but also any rights the people might want to assert under the 9th or 10th Amendments. An oath to uphold the Bill of Rights requires this of judges (as it does of all legal professionals, in any aspect of the practice of law).

      In practice, the US legal profession seems to find it convenient to ignore this aspect of the Bill of Rights whenever they think they can get away with it. Perhaps this is because one of the rights the people might want to retain to them is the right to ethical practice of law, a right that would necessarily force many changes to how law is practiced at present. Then there's the right to ethical government ...

      In this particular case, consider the following:
      1. A claim was made by the lawyers for the defense of no injury, and thus, no standing.
      2. For an identity theft victim to be forced to deal with credit card companies and online vendors as a result of this information breach takes time, and thus robs that person of an irreplaceable portion of their life, which is finite.
      3. We consider kidnapping a crime in part because the same kind of theft (of a portion of a person's finite life) happens during kidnappings. Hence, an injury or damage has in fact occurred as a result of the information breach.
      4. Legal professionals often work as intermediaries between private citizens and organizations or bureaucracies. People often hire them not because they have to, but rather because they don't want to deal with the hassle and potential loss of time associated with various situations.
      5. A claim that "no damage" has been suffered can be expected to increase the demand for the services of legal professionals, as a class in society, in future situations involving identity theft (where they can be expected to function both as intermediaries, and in otherwise providing advice and assistance). Further, protecting the hiring of legal professionals in situations where people don't strictly need them is of interest to the profession.
      6. The alternative, of course, would be to expect businesses to provide a reasonable level of security over the private information (something that would certainly be required under any 9th Amendment right to privacy -- nothing in the 9th Amendment limits its application to just government). Capitalism on the large scale necessarily requires some government regulation or other limitation on the conduct of business (quite of lot of Adam Smith's writing discusses this), and in the absence of competent direct regulation by government, rights arising under the 9th Amendment can be made to serve.

      Note the ethical conflict of interest this situation poses for legal professionals, as a class in society. On the one hand, they increase their future business, and their job security, on the other hand they create a situation where the public might become more aware of the 9th Amendment and its implications (a very scary thing for the profession).

  4. My Wallet by Akratist · · Score: 2

    So, if I dropped my wallet, I wouldn't expect that there is an imminent danger that someone will take all the cash out of it and spend it?

    1. Re:My Wallet by wonkey_monkey · · Score: 2

      No, no, no - this is like if you dropped your wallet, and someone used the personal information inside (from your driver's licence, credit cards, etc) to steal your identity, get a credit card in your name, spend the bank's money, and leave you liable.

      I trust that, like the judge in this case, you can now see why this is not a problem at all.

      Uh...

      --
      systemd is Roko's Basilisk.
    2. Re:My Wallet by Anonymous Coward · · Score: 0

      No, no, no - this is like if you dropped your wallet, and someone used the personal information inside (from your driver's licence, credit cards, etc) to steal your identity, get a credit card in your name, spend the bank's money, and leave you liable.

      I trust that, like the judge in this case, you can now see why this is not a problem at all.

      Uh...

      Actually, it's more like you put your wallet in a safe deposit box and payed a bank to secure it. Then someone broke into the bank, stole your wallet, and used the information therein to take out a credit card with the SAME BANK. Then a judge declares that not only can you not sue the bank, but you're responsible for the fraudulent charges as well as any future charges made by the thieves who took your wallet.

    3. Re:My Wallet by WorBlux · · Score: 1

      Um no, The fraudulent charge was refused/waived by the credit card company, leaving the lady with no injury to claim. Secondly no evidence was entered to prove the data was from that particular breach.

  5. Texas Morons by Anonymous Coward · · Score: 0, Interesting

    What a clueless moron that judge is. No wonder in a state that teaches intelligent design and where half the people are functionally illiterate and marry their cousins.

    1. Re:Texas Morons by BCtoo · · Score: 1

      He's a graduate of Thurgood Marshall University. Sounds like a liberal education to me.

  6. Possession by Anonymous Coward · · Score: 0

    If you can own I tellectual property, there ought to be a corresponding recourse to sue the telemarketers for possession of stolen goods. Even if they try to argue they didn't know it was stolen, they didn't do due diligence on the source: if you buy a new "Louis Vitton" purse from a guy in the parking lot for $20, you don't technically know its not legit, but you can't play stupid.

  7. Law does not equal justice by Anonymous Coward · · Score: 0

    Courts apply the law - justice is a bit more nebulous.

    1. Re:Law does not equal justice by kilfarsnar · · Score: 2

      Courts apply the law - justice is a bit more nebulous.

      This is why I say we have a legal system, not a justice system.

      --
      "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
    2. Re:Law does not equal justice by fustakrakich · · Score: 1

      Then the DOJ better change its name.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Law does not equal justice by gweihir · · Score: 1

      There actually seems to be less and less of a connection between the two.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:Law does not equal justice by kilfarsnar · · Score: 1

      Yeah, well we don't have a War Department anymore either.

      --
      "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
    5. Re:Law does not equal justice by easyTree · · Score: 1

      That would remove the intentional irony. Doh.

      --
      Requiem for the American Dream
    6. Re:Law does not equal justice by mrchaotica · · Score: 1

      Why? It perfectly fits the government's 1984-inspired naming convention, just like the Department of Defense (née War*) and the Department of Homeland Security.

      (* It was renamed in 1949 in an amendment to the National Security Act of 1947, which was the law that established the CIA, among other things. Coincidence?)

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    7. Re:Law does not equal justice by CrimsonAvenger · · Score: 1

      Yeah, well we don't have a War Department anymore either.

      Note, for those who don't know, that the War Department was the original name for what is now the Department of the Army and the Department of the Air Force (when there was a War Department, there was no USAF).

      Both are, of course, subordinate to the Department of Defense....

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
  8. Totallly reasonable ruling by gurps_npc · · Score: 3, Insightful
    "Imminent threat" seems to me to be the opposite of "increased risk".

    Frankly, this guy seems to be using the same definition of "imminent threat" that the CIA uses when it determines who to kill/torture.

    Which is of course a huge red flag that you have made a mistake. I mean really, thinking like the CIA?

    --
    excitingthingstodo.blogspot.com
    1. Re:Totallly reasonable ruling by TFlan91 · · Score: 2

      "Imminent threat"

      That sounds soooooo familiar... I just can't place it...

    2. Re:Totallly reasonable ruling by penix1 · · Score: 4, Insightful

      To my lay eye (IANAL and all) this is enough to justify more than imminent threat but actual harm:

      subsequent to the breach at St. Josephs, her Discover credit card was used to make a fraudulent purchase and that hackers had tried to infiltrate her Amazon.com account -- posing as her son. Also: telemarketers were using the stolen information. Peters claimed that, after the breach, she was besieged with calls and solicitations for medical products and services companies, with telemarketers asking to speak to her and with specific family members, whose contact information was part of the record stolen from St. Joseph's.

      For this judge to say it is simply ignoring the actual harm done is mind blowing...

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
    3. Re:Totallly reasonable ruling by JaredOfEuropa · · Score: 1

      These are claims; a judge would require proof of this. The hack and calls will be hard to prove (unless she recorded the calls), but presumably there is proof of the fraudulent purchase. Even so, she'd have to prove that the thieves got the CC details from the St. Joseph leak and not from elsewhere.

      However I'd think that the bar for such proof wouldn't be all that high when the judge is merely determining if the plaintiff has standing; that definitive proof should wait until the case is actually tried. Then again I don;t know all that much about how this would work in courts in the US.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    4. Re:Totallly reasonable ruling by penix1 · · Score: 2

      First of all, yes they are claims partially substantiated by documents (CC Statements) and in the case of Amazon, any confirmation emails (which I assume they have since they thwarted the attempt).

      Still, that, to me, is more than enough to justify not only standing but the claim of "imminent harm" wich this judge is denying.

      --
      This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
    5. Re:Totallly reasonable ruling by Anonymous Coward · · Score: 0

      The opposide of "increased risk" would be "decreased risk". "Imminent danger" would be the term one might use if attempts have already begun and are ongoing, is is the case here. So I'll disagree with you on this matter.

    6. Re:Totallly reasonable ruling by suutar · · Score: 1

      the problem is that once the fraudulent purchase is reversed (which it was) it's no longer legally "harm" because you aren't out any money.

    7. Re:Totallly reasonable ruling by Sabriel · · Score: 1

      Except for the time you spent chasing the money back and dealing with all the crap the ID theft caused. And time is money, as any lawyer who's ever billed for his time could tell you.

    8. Re:Totallly reasonable ruling by Anonymous Coward · · Score: 0

      the problem is that once the fraudulent purchase is reversed (which it was) it's no longer legally "harm" because you aren't out any money.

      You might have a point if the only potential loss were money, but identity theft is so much more than that. Identity theft can end up on diverse places such as your credit report or a criminal background check. Not only can clearing your name take up an enormous amount of time and mental/emotional energy, but it can have legal and financial implications as well. It also has implications for the victim's employment and housing options. You are incredibly naive if you think this is only about a fraudulent charge on your credit card.

  9. What's next? by AndyKron · · Score: 1

    Sounds like our system of law is broken. What's next?

    1. Re:What's next? by N!k0N · · Score: 1

      Identify the source, and route around it?

  10. "Standing" by sycodon · · Score: 5, Insightful

    The concept of Standing has to be the most abused notions in the legal system, especially with regards to the government.

    You should not have to prove you have been specifically injured in order to make the government follow the law.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    1. Re:"Standing" by kilfarsnar · · Score: 5, Insightful

      The concept of Standing has to be the most abused notions in the legal system, especially with regards to the government.

      You should not have to prove you have been specifically injured in order to make the government follow the law.

      It's even worse nowadays, because the government does so much in secret the evidence you have been injured is classified.

      --
      "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
    2. Re:"Standing" by Anonymous Coward · · Score: 3, Interesting

      Do you have any concept of what the case is about here?

      Standing requires you to have:
      1) actual injury (or imminent injury);
      2) The injury must be caused by the defendants' actions or negligence;
      3) The injury must be redressable - e.g., it must be likely that court action will remedy the situation and make the plaintiff "whole" again;

      What is alleged by the plaintiff in this case is that "I'm at heightened risk of identity theft because of this, therefore St. Joseph's is in violation of the law and should be punished for the leak." Except every injury she claims is theoretical - not imminent, and there is no way of telling from ONLY her claims whether or not these claimed injuries were caused by the St. Joseph's leak. My medical records have never been breached, but somebody's stolen my credit card number before... so there are, clearly, other ways for a credit card number to be stolen. My medical records have never been breached, but I've received spam mail that appears to be from my own email address - so again, clearly there's other ways for this to happen. My medical records have never been breached, but I've received numerous and frequent calls from telemarketers - again, if all they have is her claim, then the preponderance of the evidence doesn't show that St Joseph's is the CAUSE of her woes.

      What's more, the only *actual injury* she's sustained has been fixed already - Discover declined the charge & issued her a new account.

      What's left is big scary sounding ghost stories that "someday some hacker might use my stuff to do scary stuff, and the only way that could have happened is through St. Joseph's negligence."

      So... yeah, she doesn't have standing to file a class action suit. In making this judgement, the government *is* following the law. Of course, if you'd like to revise the rules for Standing, then I'll go file a federal case against you because I'm afraid that something I've said here might make you punch me in the mouth someday. Because you know, punching someone in the mouth is against the law, and you MIGHT do it to me someday, so it never hurts to get you thrown in jail ahead of time - right?

    3. Re:"Standing" by Anonymous Coward · · Score: 1

      Isn't the concept of Standing required to prevent random people without any real inerest in the matter (or actually an interest to lose the case) to bring charges and set a precedent that is opposite to what a competent party might have achieved?

    4. Re:"Standing" by ColdWetDog · · Score: 1

      Do you have any concept of what the case is about here?

      Standing requires you to have:
      1) actual injury (or imminent injury);
      2) The injury must be caused by the defendants' actions or negligence;
      3) The injury must be redressable - e.g., it must be likely that court action will remedy the situation and make the plaintiff "whole" again;

      What is alleged by the plaintiff in this case is that "I'm at heightened risk of identity theft because of this, therefore St. Joseph's is in violation of the law and should be punished for the leak." Except every injury she claims is theoretical - not imminent, and there is no way of telling from ONLY her claims whether or not these claimed injuries were caused by the St. Joseph's leak. My medical records have never been breached, but somebody's stolen my credit card number before... so there are, clearly, other ways for a credit card number to be stolen. My medical records have never been breached, but I've received spam mail that appears to be from my own email address - so again, clearly there's other ways for this to happen. My medical records have never been breached, but I've received numerous and frequent calls from telemarketers - again, if all they have is her claim, then the preponderance of the evidence doesn't show that St Joseph's is the CAUSE of her woes.

      What's more, the only *actual injury* she's sustained has been fixed already - Discover declined the charge & issued her a new account.

      What's left is big scary sounding ghost stories that "someday some hacker might use my stuff to do scary stuff, and the only way that could have happened is through St. Joseph's negligence."

      So... yeah, she doesn't have standing to file a class action suit. In making this judgement, the government *is* following the law. Of course, if you'd like to revise the rules for Standing, then I'll go file a federal case against you because I'm afraid that something I've said here might make you punch me in the mouth someday. Because you know, punching someone in the mouth is against the law, and you MIGHT do it to me someday, so it never hurts to get you thrown in jail ahead of time - right?

      Your points seem reasonable, but I don't recall seeing that the plaintiff had tried to set up a class action suit. That would be pushing the issue really hard.

      --
      Faster! Faster! Faster would be better!
    5. Re:"Standing" by sycodon · · Score: 1

      What's more, the only *actual injury* she's sustained has been fixed already

      So, if I take pot shots at you, miss and then say, "sorry, my bad", you are good with that. No need to involve the police?

      And I'm saying the the Standing Rule needs to be looked at and revised. not tossed.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    6. Re:"Standing" by sycodon · · Score: 3, Interesting

      Let's say the Feds set up an illegal surveillance program (what? never happen!).

      They illegally spy on people but you don't know who. They may have spied on you, but you can't prove it.

      So YOU can't file a lawsuit against the feds because YOU haven't been spied on.

      Do you see how ridiculous "Standing" is in this situation?

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    7. Re:"Standing" by Anonymous Coward · · Score: 0

      Isn't the concept of Standing required to prevent random people without any real inerest in the matter (or actually an interest to lose the case) to bring charges and set a precedent that is opposite to what a competent party might have achieved?

      No. Standing is an obtuse way of granting the Judicial branch legislative nullification powers and convincing a people that a sufficiently complicated explanation of an amendment to the constitution can be twisted enough to deny the unalienable rights the constitution admits all men have.

    8. Re:"Standing" by tnk1 · · Score: 2

      We need an ombudsman or independent commission which has automatic standing in Federal court with the specific charge of investigating scenarios like this where someone believes they could have been harmed, but they can't get enough evidence to prove that they have standing. The commission would then get the information, which they would keep secret until they determine a list of people where there might be probable cause that they have been injured. That or the commission sues, is granted an award, and then as evidence appears that people have been harmed, those people can apply to the commission for redress.

      There are a lot of holes in that idea I can see, but the general idea is that we probably need an innovation to cover this standing and accountability gap.

    9. Re:"Standing" by suutar · · Score: 1

      Yes, but what makes it silly is that the surveillance program is illegal, and punishment should be meted out for that regardless of harm. Getting hacked is not illegal.

    10. Re:"Standing" by sgladfelter · · Score: 1

      That is the reason assault is separate from battery, but in reality they often go together.

    11. Re:"Standing" by Kaenneth · · Score: 1

      Does she use G-mail?

      When my brother in law got a private e-mail from a realtor with an attachment that suggested we get our basement lined with plastic; suddenly the ads on Slashdot were for local basement lining service companies, even before my brother-in law read the e-mail.

      Google not only read the e-mail attachment before it entered our home network, it automatically matched his e-mail account to our houses IP address (we don't share computers, so not cookie based), and started serving advertisements to other people based upon that potentially private information.

      If you have medical conditions, and you talk about them in 'private' g-mails... (or just google search them...) it's not longer private.

    12. Re:"Standing" by Anonymous Coward · · Score: 0

      Getting hacked is not illegal.

      That is not necessarily true. In most financial sectors, if you don't perform your due diligence to secure personally identifying information then you can wind up in violation of a number of federal laws. I imagine the same holds true in the medical field. Hosting all patient/customer information in a plain text file on a server connected to a network with a broadcasted wireless SSID and password of "password" would most certainly get you in quite a bit of trouble.

    13. Re: "Standing" by Anonymous Coward · · Score: 0

      Who _sold_ the medical data:
      * St Joseph's;
      * The people that hacked into St Joseph's;

      I can understand why St Joseph's won't want to follow either of those options.
      But why didn't her lawyer push the second option much harder?

    14. Re:"Standing" by Anonymous Coward · · Score: 0

      Getting hacked is not illegal.

      That is not necessarily true. In most financial sectors, if you don't perform your due diligence to secure personally identifying information then you can wind up in violation of a number of federal laws. I imagine the same holds true in the medical field. Hosting all patient/customer information in a plain text file on a server connected to a network with a broadcasted wireless SSID and password of "password" would most certainly get you in quite a bit of trouble.

      I work for the federal government and I can confirm that improperly safeguarding PII is against the law. Those in the federal government handling PII are given training. They, and all the rest of us, are told in no uncertain terms that failure to properly protect PII can have administrative and legal consequences. If a government employee is found to be the source of leaked PII the boss won't be very happy with "Getting hacked is not illegal."

    15. Re:"Standing" by Anonymous Coward · · Score: 0

      First: Standing is a CIVIL law concept. Not a CRIMINAL law concept.

      Second: If you take pot-shots at me, and I call the police, then the STATE will file criminal (not civil) charges against you for violating criminal statutes related to assault and battery, and probably also related to discharge of firearms in populated areas, and other related criminal statutes. I don't need standing to call the police and involve the criminal justice system.

      Third: If you revised the concept of Standing in the way you suggest, then what you are saying is that the merest hint of anything bad possibly happening to me as a result of your actions could result in civil litigation.

      Operate a car? Well, you could someday run me over. I think I'll file a lawsuit about that.
      Smoke a cigarette? Well, you could someday burn my apartment building down. I think I'll file a lawsuit about that.

      Do you see the problem yet, you thick-headed lackwit?

    16. Re:"Standing" by Anonymous Coward · · Score: 0

      In what is, quite literally, the first paragraph of the ruling (emphasis mine):

      The plaintiff, Beverly T. Peters (“Peters”), brings this class action lawsuit against the defendants, St. Joseph Services Corporation d/b/a St. Joseph Health System, and St. Joseph Regional Health Center (collectively, “St. Joseph”), for damages arising from an intrusion into St. Joseph’s computer network and the resulting data breach.

      She filed a class action suit. It was a fishing expedition to try and shake some money out of the ol' money tree.

      The judge was right to throw this out, she lacks standing, and has not been harmed. I know misunderstanding the law and getting breathless with indignation every time the terms "data leak," "Texas," and "hacking" come up here, but if anybody bothers to actually read the ruling, it's pretty sound and reasonable.

    17. Re:"Standing" by Anonymous Coward · · Score: 0

      if you don't perform your due diligence to secure personally identifying information then you can wind up in violation of a number of federal laws.

      If you handle data in a negligent fashion, your *negligence* can cause legal and financial damage. Not the state of being hacked. If you have impeccable security protocols and you follow them faithfully and make a good faith effort to keep them up to date, then you're not going to end up in violation of any of those federal laws.

      You may still end up having to offer "identity theft protection" to people affected by the breach, or any number of other precautionary and ameliorating measures, but to claim that "getting hacked is illegal" is incorrect - though it is certainly embarrassing, and it can certainly lead to bad things if you can't demonstrate adequate stewardship of the data.

    18. Re: "Standing" by Anonymous Coward · · Score: 0

      Possibly....location services can also account for knowledge of location. IP isn't the best way to get your location, but I get your point.

  11. Standing by Anonymous Coward · · Score: 0

    Modern criminal justice's way of explaining they're not interested in helping you.

  12. Oh Texas... by Anonymous Coward · · Score: 0

    Texas: Where it's more important to protect polluters, keep down "the gays", deny wrongfully convicted people of justice than to offer consumer/employee protections.

    And, yes, I do live here and am quite familiar with Texas "justice" and its politics.

    1. Re:Oh Texas... by rubycodez · · Score: 1

      not just Texas, plenty of "liberal" paradise cities in the North have rulings just like that, by scum in the pockets of large corporations.

    2. Re:Oh Texas... by Anonymous Coward · · Score: 0

      not just Texas, plenty of "liberal" paradise cities in the North have rulings just like that

      It must be true what with that vast amount of evidence you provided. And being in "the North" does not make one "liberal". Are you some sort of time traveler from the 19th century?

    3. Re:Oh Texas... by cusco · · Score: 1

      I don't see which "St. Joseph's Hospital" is being referenced, there are a ton of them out there, but most of them are owned by the Franciscan order of Catholic monks. The Franciscans, the Dominicans and the Sisters Of Providence nuns are three of the largest hospital chain owners in North America currently. The judge is not likely directly in the pocket of the Church, but several other for-profit "healthcare" corporations are headquartered in Texas so he is probably looking out for the financial well being of the entire industry by setting this precedent.5722719

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    4. Re:Oh Texas... by rubycodez · · Score: 1

      Oh I really have to provide links for my hometown of Chicago IL in "Crook" County IL to prove my point?

  13. Liberal Ass by Anonymous Coward · · Score: 0, Interesting

    This guy is an embarrassment and a liberal ass.

    Yeah...Regan nominated him. This what you get for trying to be "inclusive".

    1. Re:Liberal Ass by oh_my_080980980 · · Score: 1, Insightful

      You mean a conservative ass unless you think pimping for Chevron is liberal or are going on the basis of his color...

    2. Re:Liberal Ass by Anonymous Coward · · Score: 0

      Nice link...the judge sounds like a real cock.

    3. Re:Liberal Ass by Anonymous Coward · · Score: 0

      Read the link, Moron.

    4. Re:Liberal Ass by hey! · · Score: 2

      You keep using that word; I don't think you know what it means.

      Not only was this guy nominated by Reagan, he was nominated on Phil Gramm's recommendation.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    5. Re:Liberal Ass by Anonymous Coward · · Score: 0

      cockbite - - FTFY

    6. Re:Liberal Ass by Anonymous Coward · · Score: 0

      Like I said, this is what happens when you try to be, "inclusive" or "diverse".

    7. Re:Liberal Ass by Anonymous Coward · · Score: 0

      What you're saying is that black people can't normally be republicans. Ass

  14. Everything is bigger in Texas. by Anonymous Coward · · Score: 0

    Especially stupidity.

    Also, it is the home of scum like most of the Bushes and Lance Armstrong.

    What a cesspool.

    1. Re:Everything is bigger in Texas. by CaptainDork · · Score: 1

      You're an asshole for leaving out Perry.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:Everything is bigger in Texas. by Anonymous Coward · · Score: 0

      and the Cowboys.

  15. NSA by oh_my_080980980 · · Score: 1

    Isn't that the argument for warrantless wire taping, something might happen in the future? Wasn't that reason to invade Iraq, they might develop nuclear weapons...

  16. Reductio ad absurdum. Colbert would have agreed! by DutchUncle · · Score: 4, Interesting

    Maybe this is saying that you can't sue for something that hasn't happened yet - and, indirectly, that the law requiring protection of confidentiality (and penalizing failure) has no teeth, and that the limits against abusive overreach of law are allowing an end-run around the general intent.

    Let's say you had a workman at your house, and they left the garage door unlocked when they were finished. If you come home and everything is fine, then there is no cause for legal action. If you come home and your house has been robbed, then first it's the robber's criminal act, and then maybe there's a civil action by your insurance company to get money from the workman's insurance company.

    The hospital is seen as the *victim* of a theft, just as if a doctor's or psychiatrist's office were broken into for drugs and some records were stolen, rather than a *culprit* for "failing to maintain HIPAA confidentiality". YOU have to go after each person who does something illicit with the information; each marketer, each fraud instance, each problem, is individual. And since each of them is small individually, it's YOUR burden to chase them as a civil matter rather than a criminal matter that would get you some help from society (through the police agencies).

  17. I can see that by Sloppy · · Score: 2

    If a breach happens, just change your medical history.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    1. Re:I can see that by CaptainDork · · Score: 2

      This.

      It's stupid to continue having high blood pressure once a breach has been revealed.

      People should change ailments at least every 60 days.

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re: I can see that by Anonymous Coward · · Score: 0

      It's all about the money. Can't have 400,000 people winning a lawsuit against a hospital now can you? The judge should be taken out and shot. Along with a few others I might add.

    3. Re:I can see that by Anonymous Coward · · Score: 0

      If a breach happens, the hackers can't be prosecuted unless those who with exposed info can prove damages.

      I love it!

  18. Yeah... by Anonymous Coward · · Score: 0

    Meanwhile the people engaged in the Obamacare suit have 'standing'...

    Our courts are rotten to the core.

  19. Re:Reductio ad absurdum. Colbert would have agreed by Anonymous Coward · · Score: 0

    "Hasn't happened yet"? Are you claiming she hasn't been "besieged with calls and solicitations for medical products and services companies"?

    To hell with doxxing the judge, start flooding him with direct calls now that he has legally agreed that such actions do not constitute a cognizable injury.

  20. Spooks by Anonymous Coward · · Score: 0

    This is government spooks wanting to get at something that they can't get at because of HIPAA, and they are now used to just stealing and taking.

    Courts are for the citizens not government agents.

  21. Texas is a Republican state by Anonymous Coward · · Score: 0

    Remember that Texas is 99.999% Republican.

    Don't expect courts in this state to favor patient rights over the "rights" of medical conglomerates.

    1. Re:Texas is a Republican state by Anubis+IV · · Score: 2

      Texas is about 60/40 Republican/Democrat at the moment. From 1848 to 1978, Democrats won Texas in all but 4 presidential elections, and Texas even had a Democrat (Ann Richards) as it's governor up until George W. Bush was elected in the mid-1990s. Texas' population is also among the fastest growing in the nation as a result of the high number of people relocating there from other states, suggesting that its demographics are likely to change over the next few years. As it is now, almost all of the urban centers (of which there are quite a few) lean Democrat, while the sprawling suburbs (of which there are also quite a few) lean Republican.

      Suggesting it's "99.999% Republican" means that you've fallen for the rhetoric one side or the other is spewing.

    2. Re:Texas is a Republican state by hey! · · Score: 1

      There ain't no such thing as a 99% anything state.

      The actual breakdown in Texas is 47% Republican to 35% Democrat. This illustrates something I've observed around the country: political control comes from holding consistent marginal advantages over your opposition. While the *politics* of two states may differ dramatically, the *population* of those states aren't likely to be quite that different. There are plenty of liberals in Texas just as there are plenty of conservatives in Massachusetts.

      The way this works is that if you have enough of a margin over your opposition to win a string of elections, you accrue the advantages of incumbency and name recognition. This gives you an advantage over your opposition much greater than your numerical advantage, because most people are low-information voters who just go along with what they're familiar with.

      I believe that *any* state could potentially be flipped, if you piss off those low information voters enough. And there's nothing like complacency to breed arrogance in a political party.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    3. Re:Texas is a Republican state by Anonymous Coward · · Score: 1

      and Texas even had a Democrat (Ann Richards) as it's governor up until George W. Bush was elected in the mid-1990s.

      Yes but it should be noted (from en.wikipedia.org/wiki/Ann_Richards):

      After a brutal campaign and a series of legendary gaffes by Williams (most notably a joke about the crime of rape[6]), Richards narrowly won on November 6, 1990 by a margin of 49-47 percent

      Isn't exactly having a Democratic governor as much as nominating a luny for Republican and not telling him to shut up until after elected. (Seriously it seems like some Republicans are trying to decriminalize rape, and this was one).

    4. Re:Texas is a Republican state by Anonymous Coward · · Score: 0

      It would likely take huge grassroots efforts and lots of luck to get an independent a seat and even if they do get a spot, they won't have enough sway in the state legislature anyway.

    5. Re:Texas is a Republican state by gtall · · Score: 1

      It also gives you a leg up on redistricting which happens every 10 years.

  22. LOL by Trailer+Trash · · Score: 1

    So, suddenly when the government is on the line the Constitution is useful for something more than toilet paper? Got it.

    It's amazing how so many judges lack sound judgement, which, by definition, should be a basic requirement for the job....

    --
    Do you have ESP?
    1. Re:LOL by cusco · · Score: 1

      Government??? The government doesn't own the hospital, care to clarify your point? The judge is protecting the interests of the healthcare conglomerates from the threat of 400,000 injured customers.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    2. Re:LOL by zlives · · Score: 1

      and the judiciary is part of which conglomerate?

  23. Re:Reductio ad absurdum. Colbert would have agreed by penix1 · · Score: 1

    It isn't just the calls...

    Her discover card had fruadulant charges and her Amazon account had a social engineering attempt. She is so far beyond just phone calls.

    --
    This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
  24. Generally people do not understand by Bonzoli · · Score: 2

    Generally people do not understand about personal data until it bites them in the butt. If his data and his families data gets highlighted in those records on the net. Bet he will think differently very fast. Perhaps he needs to understand the personal injury before he can make good decisions.
    Until is more expensive for people that make these decisions and corporations that fail on so many levels of bureaucracy, no changes will be made that have an impact.

    1. Re:Generally people do not understand by Lab+Rat+Jason · · Score: 1

      Ironically, if his own data was breached, he would likely be forced to recuse himself from the case.

      --
      Which has more power: the hammer, or the anvil?
  25. Appointed forever ... by Anonymous Coward · · Score: 0

    Throw the bum out ... no, wait: Appointed Forever Bar and Grille Singers

  26. Not strictly on topic, but related... by Anonymous Coward · · Score: 0

    If anybody has any doubt as to how fast this information is being exploited, my information was recently compromised by my insurance company, and within three days of a surgical procedure I had bogus calls trying to bill me for equipment that I never received, requested, nor had the doctor requested. One called me up and say is this Mr Doe? I said "Yes, with whom am I speaking?" He then went on that I needed to give them my information and asked for my zip code.. all of this with a heavy Indian accent. I told him to fuck off and hung up.

    A week later a snail mail came in from a different 'company' which had a real company's letterhead with bogus contact information asking me the same sorts of things. It had an 877 number that I traced to what appears to be a medical student in India. I'm considering notifying the 'real' company about it.

    What a fucking joke. These assholes need to be hit with a drone strike.

    1. Re:Not strictly on topic, but related... by CaptainDork · · Score: 1

      So, to boil it down to the facts, you were not the victim of identity theft and you are not likely to be the victim of identity theft.

      Is that correct?

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:Not strictly on topic, but related... by Anonymous Coward · · Score: 0

      Considering that in the breach my SSN, address, and basically all personally identifiable information was exposed I'm pretty sure it's coming.

      Nice troll attempt; please try again later.

  27. unknown hackers did unknown things by Anonymous Coward · · Score: 0

    So what do you know? And if you don't know these things, why even mention them? What's this, a scary story about cyber bogeymen?

  28. You guys are pretty brave by swb · · Score: 1

    You guys obliquely or not so obliquely calling for doxing of a Federal Judge are pretty brave, I must say.

    But maybe you'll find out definitively if a U.S. Marshall Service no-knock warrant results in someone like Raylan Givens showing up to execute it, or whether that's just in Harlan County.

    Regardless, I'm sure whatever jail you end up in will definitely have someone who resembles Boyd Crowder.

    1. Re:You guys are pretty brave by mrchaotica · · Score: 1

      Why not? Apparently, doxing isn't actually illegal!

      You could argue that it's not a smart thing to do because a Federal judge might have enough power to get somebody raided with a no-knock warrant and arrested even though the charges wouldn't stick, though.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    2. Re:You guys are pretty brave by swb · · Score: 1

      Let's count the ways it could go wrong:

      1) Conspiracy to obstruct justice -- I don't know what the exact charge is, but let's just assume it's a Federal felony with a big fine and guaranteed jail time.

      2) No-knock raid, search and seizure of your computer equipment. Oh, and it will be held as evidence and likely subject to civil forfeiture. And they'll fucking trash your house while they're at it.

      3) What else do you have at home they can use to compound charges? Guns? Well, possession of a firearm while committing a felony is a felony, too. Drugs? Hey, those might have some tasty mandatory minimums.

      4) That computer search we did...now, are all those girls in those photos over 18?

      5) How about we just get down to brass tacks. The judge thinks you're an asshole, so we're going to throw you into a cell with some thug who will beat the shit out of you and turn you out for loose cigarettes.

      Sure, you and your student law clinic counsel might even manage to get a civil suit filed, but Federal Judge is a job for life and takes an act of congress to get rid of them. Exactly 10 have been impeached since 1900. Good luck with that.

      Bottom line is, Federal judges? Best not to poke the robe.

    3. Re:You guys are pretty brave by Anonymous Coward · · Score: 0

      Luckily I don't have any of that stuff in my house. You type it as if all of those things are as common as toilet paper.

    4. Re: You guys are pretty brave by Anonymous Coward · · Score: 0

      Well now Mr. SWB, I find your particular characterization of the population of my current abode vexatious and prejudicial.

  29. I wonder how cases end up like this by phorm · · Score: 1

    "Your honor, the plaintiff's files are now complete safe. They're in no danger. Unless the new Jaguar that is parked just outside your office in the no park zone. The one for which the keys have been put .... right ... here"

    There really seems to be no logical/moral ideas behind these decisions.

  30. This is actually good news ... by CaptainDork · · Score: 1

    ... because it is another hammer-strike on the chisel that's helping shape the body of evidence required to successfully try breach cases like this.

    The plaintiff has no standing because 1.) no identity theft actually occurred, 2.) there is no strong indicator that identity theft will occur.

    As litigants sharpen the evidentiary needle, courts are going to be boxed in to a decision just as soon as a victim meets criteria 1.) and 2.).

    It'not, "if," it's "when."

    --
    It little behooves the best of us to comment on the rest of us.
  31. Misreading Court decisions... by sabbede · · Score: 4, Informative

    The court did not say she was wrong, it said she went to the wrong courthouse.

  32. Re:Reductio ad absurdum. Colbert would have agreed by Forgefather · · Score: 1

    The difference in this case as I understand it is that the hospital was legally required to lock that door then they failed to properly secure the door which resulted in the theft of sensitive information. In your example there is no such burden placed on the workmen. They are not required by law to ensure the safety of the homes that they work at unlike the hospital. A better example would be to compare the hospital to a bank. If a bank is robbed and all of there customer's money is stolen is the bank not responsible for the damages caused to those customers for failing to properly secure their money? I would think that they would be, and make no mistake, having such confidential data stolen can be just as devastating if your credit rating gets nailed or your accounts get drained. As far as standing I don't think there is a question that there are damages here. The time and effort alone to rectify all of the locked accounts, get cards reissued, and reverse charges is plenty of damage to justify a civil suite.

    --
    "There are lies, there are damn lies, and there are statistics"
  33. Courts don't even hear arguments anymore by Anonymous Coward · · Score: 0

    The judge just figures out who has the least money and then rules against them.

  34. Dismissing all data protection laws by Kjella · · Score: 3, Interesting

    Although it is alleged that St. Joseph's failures "proximately caused" these injuries, the allegation is conclusory and fails to account for the sufficient break in causation caused by opportunistic third parties. The injuries, to the extent that they meet the first prong, are "the result of the independent action of a third party" and therefore not cognizable under Article III.

    1) Company leaks your data
    2) Third parties abuse your data
    3) You don't have standing to sue company, because you've been harmed by third parties.

    Who else would have standing to sue expect for the people whose data is being protected? This is basically saying nobody has standing and the law is null and void. This judge should rule the Snowden trial, if there ever is one. He'd dismiss all charges because the US government would lack standing, they haven't been harmed by Snowden's actions only the actions of independent third parties acting on his information. That's a clear break in causation, don't you agree?

    --
    Live today, because you never know what tomorrow brings
    1. Re:Dismissing all data protection laws by suutar · · Score: 1

      No, the break in causation is that there's no way to show that the data these third parties are using against the woman _definitely came from the hospital breach_. There's other ways to get card numbers, there's other ways to get family info. Now, if they start using _medical info_ against her, it'll be a lot harder to come up with alternatives, because there's not that many places to get hold of it.

      In your analogy, because the stuff Snowden is leaking isn't available elsewhere, it'd be pretty easy to show that it was Snowden's revelation that resulted in the harm. But sadly that level of direct connection just isn't provable yet for this case.

  35. Fuel for a serial killer? by Anonymous Coward · · Score: 0

    Hold on let me steal that guy's medical record. OH! Says here he's allergic to peanuts. Just slip a little in his lunch and........

  36. TEXAS by Anonymous Coward · · Score: 0

    This from the state that brings you the courts that all Patent Trolls file in and rehab for Affluenza.

    Would you expect less? Texas, we're not Florida, but we're catching up.

  37. OK. Everybody ... by PPH · · Score: 1

    ... go to the free clinic with your STDs, gential warts and other maladies and check in with the ID for Kenneth Hoyt.

    --
    Have gnu, will travel.
  38. About 800,000 taxpayers... by user.aaaaa · · Score: 0

    who enrolled in insurance policies through HealthCare.gov received erroneous tax information from the government, and were urged on Friday to hold off on filing tax returns until the error could be corrected.

  39. Re:Reductio ad absurdum. Colbert would have agreed by Anonymous Coward · · Score: 0

    The bank is of course Federally backed so you get your money back anyway. The stolen medical information that would allow someone to commit identity theft as well as other crimes while posing as the medical record holder.

    So really, I'd rather someone rob my bank then steal my identity. Losing your money doesn't open you up to potential criminal charges the same way fraud could.

  40. Re:Reductio ad absurdum. Colbert would have agreed by Anonymous Coward · · Score: 0

    That's all fine and dandy, until you realize that we are jailing crackers who expose user/password databases.

    By your logic, we should not do so. We should only persecute the crackers if its proven that a user's login is used in a way that causes damages. While I agree with this logic, the fact that we don't demonstrates that the law is immune to both our logic and their own.

  41. Re:Reductio ad absurdum. Colbert would have agreed by cusco · · Score: 2

    The hospital **will** be facing fines for the breach, HIPAA violations are expensive. Hospitals have been cutting IT staff in recent years as a penny-smart/pound-foolish cost-saving measure, wonder if this will show Franciscan Healthcare how stupid that is.

    --
    "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
  42. Re:Reductio ad absurdum. Colbert would have agreed by Anonymous Coward · · Score: 0

    The difference in this case as I understand it is that the hospital was legally required to lock that door then they failed to properly secure the door which resulted in the theft of sensitive information.

    From my understanding of this case, that's a different issue. You're talking about the concept of negligence: that you were obligated to or should do something, but you didn't.

    Maybe the hospital did everything they should do, but thieves broke in anyway. That would be a whole other investigation.

    If a bank is robbed and all of there customer's money is stolen is the bank not responsible for the damages caused to those customers for failing to properly secure their money?

    Yes and no. The bank is obligated to pay back the money the customers had in their accounts with the bank. But that's it.

    What this case is about is that the woman wants the bank to also pay for the damages caused by the money stolen from the bank by the robbers either directly (hackers trying to get to her CC) or indirectly (marketers using her info)

    Think of it this way: suppose I promise to hold on to your gun for you. Somebody broke in and stole that gun. They used that gun (your gun) to shoot you. Am I guilty of murdering you?

  43. Re:Reductio ad absurdum. Colbert would have agreed by suutar · · Score: 1

    nope, the bank is not responsible. The FDIC will cover some losses because the bank bought insurance (because not having it means fewer customers), but above that you're SOL unless the thief is caught and the money is returned.

  44. Re: Reductio ad absurdum. Colbert would have agree by Anonymous Coward · · Score: 0

    What this case is about is that the woman wants the bank to also pay for the damages caused by...

    She wants the hospital to be liable, not the bank.

  45. Don't try this at home, kids. by westlake · · Score: 1

    Open call to doxx the judge? Anonymous, are you listening?
    And then if the gov't catches the hackers, they can just say, hey there was no harm!!! He said so himself!

    I grieve for the lawyer who has a geek for a client.

    The accidental exposure of medical records and the like can potentially be quite damaging, of course. But the harm to any particular individual or institution can be hard to measure, at least in the beginning.

    The moment you conspire to actually make use of such personal information to harass or intimate a federal judge you are open to conviction on the felony charge.

  46. Virginia Hospital Hack With Ransome Note? by Anonymous Coward · · Score: 0

    Does anyone know about a follow up to the Virginia hospital hack of a few years ago? The hack that left at brazen ransom note? It seems the story and the perpetrator have disappeared from the public spotlight. Anyone have any follow up info??

  47. Re:Reductio ad absurdum. Colbert would have agreed by Anonymous Coward · · Score: 0

    But the calls, if one considers a huge volume of calls as 'harassment' as most non-public people do, are the only unremedied harm she has suffered. If this judge has freely stated that he believes a large volume of commercial calls are not 'harm' then he's given permission for being on the receiving end.

  48. Re:Reductio ad absurdum. Colbert would have agreed by Anonymous Coward · · Score: 0

    We should only persecute the crackers if its proven that a user's login is used in a way that causes damages.

    We should prosecute them too.

  49. Those who make peaceful revolution impossible, by Anonymous Coward · · Score: 0

    "Those who make peaceful revolution impossible, make violent revolution inevitable." - JFK