Martin A. Steinberg, J.D. discusses a case in the Northern District of Illinois:
The provider must face negligence and implied-contract claims after patients alleged a vendor breach exposed sensitive health and personal data.
Two patients brought a putative class action against HAH Group Holding, LLC d/b/a Help at Home, after a March 2024 vendor data breach allegedly exposed sensitive personal and health information. The patients asserted claims for negligence, negligence per se, breach of express and implied contract, unjust enrichment, breach of fiduciary duty, breach of confidence, and declaratory judgment. The provider moved to dismiss for lack of standing and failure to state a claim. The court held that both patients alleged imminent harm sufficient for forward-looking relief, but only one alleged actual injury sufficient to support damages arising from fraudulent credit card charges, a closed account, and a credit score drop. Applying Illinois law at this stage, the court allowed the negligence and implied-contract claims to proceed but dismissed the remaining claims, limiting damages to the patient alleging actual financial injury (Bernardino v. HAH Group Holding, LLC, No. 1:24-cv-07595 (N.D. Ill. May 19, 2026)).
Read more at VitalLaw.
