District of Arizona Clarifies Causes of Action Available for Breach of Health Data

In Legal News
September 04, 2025

Healthcare providers wrestling with the legal fallout of cyber-attacks just received a fresh reminder from the District of Arizona: traditional tort and contract theories remain difficult to sustain after a breach, but consumer-fraud statutes can keep a case alive.

In Johnson v. Yuma Regional Medical Center, fourteen patients sued the hospital after a ransomware incident exposed the data of roughly 700,000 individuals. In a 16-page opinion, Judge Susan M. Brnovich dismissed four of the five causes of action—negligence, breach of implied contract, unjust enrichment, and breach of fiduciary duty—while allowing a single claim under the Arizona Consumer Fraud Act (“ACFA”) to proceed.

Read more from Baker Botts at JDSupra.