. home.aspx



Pennsylvania Supreme Court says UPMC must safeguard employee data

November 26, 2018 / Evan Sweeney

The University of Pittsburgh Medical Center (UPMC) must protect the personal information of its employees from hackers, Pennsylvania’s highest court ruled last week. The decision bolsters a long-running class-action lawsuit filed by UPMC employees following a 2014 data breach that exposed the information of nearly 62,000 employees. The Pennsylvania Supreme Court also ruled that UPMC may be on the hook for monetary damaged if the plaintiffs can prove the health system acted negligently. “Employees have sufficiently alleged that UPMC’s affirmative conduct created the risk of a data breach,” the high court ruled (PDF). “Thus, we agree with Employees that, in collecting and storing Employees’ data on its computer systems, UPMC owed Employees a duty to exercise reasonable care to protect them against an unreasonable risk of harm arising out of that act.”