A federal judge recently held that mere allegations that a healthcare provider’s patient information portal failed to utilize sufficient security measures, without allegations of an actual breach, were insufficient to confer standing on the plaintiff. The case, Williams-Diggins v. Mercy Health—which was pending in the United States District Court for the Northern District of Ohio—centered around the plaintiff’s 2016 allegations that the defendant’s “use of software known as the Horizon Patient Folder WebStation portal [] caused private and protected patient information to be exposed to unauthorized third parties.”
via No Breach, No Standing | Data Privacy + Security Insider.