Latest news with #StoredCommunicationsAct
Yahoo
16-04-2025
- Health
- Yahoo
Lawsuit: KU Health worker accessed records of 400+ patients, including nude photos
KANSAS CITY, Mo. — A class action lawsuit has been filed after attorneys say a physical therapist with the University of Kansas Health System 'unlawfully accessed' files, including 'potentially nude clinical photographs,' of more than 400 patients who had sought care at a separate Kansas hospital. The lawsuit was filed Tuesday in U.S. District Court in Kansas City, Kansas, naming KU Health, Lawrence Memorial Hospital, and Epic Systems Corporation as the defendants. It highlights two women — identified as 'Jane Doe #1' and 'Jane Doe #2' throughout the suit — who received letters in 2023, notifying them of the breach. A spokesperson for KU Health said Wednesday they are reviewing the claims. Blue Valley schools approve new policy after sex offender attends school dance According to a Kansas City-based law firm that filed the lawsuit, Stueve Siegel Hanson LLP, the breach started in February 2021 and was not discovered until February 2023. The lawsuit claims the KU Health physical therapist used his employee credentials through Epic's portal to look at the records of at least 425 patients of Plastic Surgery Specialists of Lawrence, an affiliate of LMH, despite having no connection to the patients' care. The lawsuit, which does not name the physical therapist in question, says he had no affiliation with the Lawrence hospital nor its clinic and had never provided treatment to any of the patients. It claims that the Epic portal permitted patient data sharing between unrelated health systems. 'The violation of privacy suffered by these patients is nothing short of devastating,' said Stueve Siegel Hanson Attorney Austin Moore said in a statement. 'There's a serious problem in the healthcare industry when an unauthorized employee can access patient records at an unaffiliated medical facility with virtually no oversight. We're pursuing this case to advocate for stronger safeguards around patient data and to hold accountable those who failed to protect it.' According to the lawsuit, KU Health sent a letter in April 2023 to the victims, notifying them of the data breach and admitting that an employee had accessed their information 'outside of their job duties.' KU Health said in the letter that the employee had been terminated; however, according to the law firm, the letter at the time did not specify what 'clinical information' was compromised, 'leaving many patients unaware of the full extent of what occurred.' Plaintiffs 'Doe #1' and 'Doe #2' both indicated in the lawsuit that they received care at LMH between 2021 and 2023, and as part of those procedures, pre-operative and post-operative photos of their nude bodies were gathered and made part of their medical files. New claims from alleged victims of KC tow company under criminal investigation The law firm said its lawsuit asserts negligence claims, invasion of privacy, civil rights violations, and violations of the Computer Fraud and Abuse Act and the Stored Communications Act, among other claims made against KU Health, LMH and Epic. The lawsuit requests a jury trial and asks the court to award compensatory and punitive damages to the plaintiffs. In a statement Wednesday, KU Health said: 'The University of Kansas Hospital is one of three parties named in a lawsuit alleging violations of patient privacy. We take this seriously; patient privacy is very important to us. We just received the complaint, and our teams are reviewing it currently.' FOX4 has also reached out to Epic and LMH for comment. Epic has not responded; however, LMH said: 'LMH Health was made aware this morning that it is one of three parties named in a lawsuit alleging violations of patient privacy. While we can't comment on ongoing legal action, we want to reassure our patients and community that we take any suspected violation of patient privacy extremely seriously. This claim is under review by legal counsel, and we will keep the community apprised of any additional facts we can share as they become available.' A court date has not yet been set in the case. Read the full lawsuit here. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Associated Press
28-03-2025
- Associated Press
First Class Action Lawsuit Filed Against University of Michigan for Massive Privacy Breach Affecting Thousands of Female Athletes
Stinar Gould Grieco & Hensley, PLLC has filed the first class action lawsuit against the University of Michigan CHICAGO, IL, March 27, 2025 (EZ Newswire) -- Stinar Gould Grieco & Hensley, PLLC has filed the first class action lawsuit against the University of Michigan, the Regents of the University of Michigan, Matthew Weiss, and Keffer Development Services, LLC, alleging a massive breach of privacy affecting over 3,300 individuals, primarily female student-athletes. The lawsuit, filed in the United States District Court for the Eastern District of Michigan (Case No. 2:25-cv-10806), alleges that defendants allowed unauthorized access to sensitive personal information, private photographs, and videos of thousands of student-athletes. According to the complaint, Matthew Weiss, a former University of Michigan employee, allegedly accessed—without authorization—the social media accounts, emails, cloud storage, and personal information of thousands of female student-athletes over approximately eight years (2015-2023). The complaint alleges that Weiss targeted female athletes and downloaded private photographs and videos that were never intended to be shared beyond the plaintiffs' intimate partners. 'This case represents one of the most significant breaches of student-athlete privacy in recent memory,' said Parker Stinar, lead attorney for the plaintiffs. 'Our clients placed their trust in the University of Michigan and its vendors, only to have their most personal and private information compromised due to what we allege was negligence and recklessness.' The lawsuit alleges that the University of Michigan, its Regents, and Keffer Development Services failed to implement adequate security measures, proper supervision, or employee monitoring that would have protected the plaintiffs' privacy. According to the complaint, Weiss allegedly: Gained unauthorized access to student-athlete databases maintained by Keffer Development Services Downloaded personally identifiable information (PII) and medical data of more than 150,000 athletes Obtained passwords used by athletes to access computer systems Used this access to download private photographs and videos The lawsuit includes claims for violations of the Computer Fraud and Abuse Act, the Stored Communications Act, Title IX, and various state laws involving invasion of privacy, negligence, and conversion. The plaintiffs are seeking damages exceeding $100 million, along with costs, interest, and attorney fees. The class action complaint seeks to represent all persons whose personal information, images, data, social media, or videos were accessed by Weiss without authorization. 'This lawsuit is not only about seeking justice for those whose information was stolen but also about forcing the University of Michigan to confront its systemic failures and ensure such breaches never happen again. The case will hold the institution accountable for its lack of appropriate safeguards and transparency regarding the security of its student-athletes' personal and medical data. In the face of such violations, SGGH is committed to turning over every stone in our pursuit of justice. Through litigation, we will uncover the flaws in Michigan's cyber security protocols that led to this massive breach, and demand real change to protect vulnerable individuals from similar harms in the future. We will fight relentlessly to secure justice for all those affected.' said Parker Stinar, lead attorney for the plaintiffs. This case highlights the growing concern around data privacy and the security of personal information in the digital age, particularly in university settings where students entrust institutions with their personal data. About Stinar Gould Grieco & Hensley, PLLC Stinar Gould Grieco & Hensley, PLLC is a law firm dedicated to protecting the rights of individuals in complex litigation matters. The firm has extensive experience in class action lawsuits, privacy law, and representing victims of institutional failures. Managing Partner, Parker Stinar, previously led the University of Michigan/Robert Anderson sexual abuse matter which resolved for $490 million dollars for more than 1,000 individuals. For more information, visit
