Abernathy v. Brandywine Urology Consultants, P.A.

CourtSuperior Court of Delaware
DecidedJanuary 21, 2021
DocketN20C-05-057 MMJ CCLD
StatusPublished

This text of Abernathy v. Brandywine Urology Consultants, P.A. (Abernathy v. Brandywine Urology Consultants, P.A.) is published on Counsel Stack Legal Research, covering Superior Court of Delaware primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook
Abernathy v. Brandywine Urology Consultants, P.A., (Del. Ct. App. 2021).

Opinion

IN THE SUPERIOR COURT OF THE STATE OF DELAWARE

CECILIA ABERNATHY, FLINT ) DELON, TINA MURPHY and ) JEFFREY WASKO, INDIVIDUALLY ) AND ON BEHALF OF ALL OTHERS ) SIMILARLY SITUATED, ) ) C.A. No. N20C-05-057 MMJ CCLD Plaintiffs, ) ) v. ) ) BRANDYWINE UROLOGY ) CONSULTANTS, P.A., ) ) Defendant. )

Submitted: October 30, 2020 Decided: January 21, 2021

On Defendant’s Motion to Dismiss

GRANTED OPINION

Gary M. Klinger, Esq., (Argued) Mason Lietz & Klinger LLP, Chicago, Illinois, Gary E. Mason, Esq., David K. Lietz, Esq., Mason Lietz & Klinger LLP, Washington, District of Columbia, Jared T. Green, Esq., Seitz, Van Ogtrop & Green, P.A., Wilmington, Delaware, Attorneys for Plaintiffs and the Proposed Class.

William E. Manning, Esq., Saul Ewing Arnstein & Lehr LLP, Wilmington, Delaware, Turner A. Broughton, Esq. (Argued), Brendan D. O’Toole, Esq. (Argued), Amanda Bird, Esq., Williams Mullen, Richmond, Virginia, Attorneys for Defendant.

JOHNSTON, J. FACTUAL AND PROCEDURAL CONTEXT

Parties

This case arises from a data breach. On January 27, 2020, Brandywine

Urology Consultants, P.A. (“Defendant”) discovered that it was the victim of a

ransomware attack (the “Attack”) on its network.1 The Attack blocked access to

Defendant’s computer system and data, which included sensitive patient medical

records.2 During the Attack, cyberthieves accessed and encrypted records that

included patient names, addresses, Social Security numbers, medical file numbers,

claim data, and other financial and personal data.3 During and after the attack,

there was no attempt to extract a ransom.

Plaintiffs Cecilia Abernathy, Flint Delong, Tina Murphy, and Jeffrey Wasko

(collectively, “Plaintiffs”) bring this suit individually and on behalf of a Proposed

Class.4 Defendant is a Delaware-based urology practice.5 Plaintiffs are patients of

Defendant.6

1 Defendant’s Opening Brief in Support its Motion to Dismiss (“OB”), at 9. 2 Plaintiff’s Response and Opposition to Defendant’s Motion to Dismiss at 1-2. 3 Id. at 2. 4 Compl. at 1. Plaintiffs have not made a request to certify the class at this stage. 5 OB at 10. 6 Resp. at 2. 2 Defendant’s Response to the Attack

Defendant states that it took immediate steps to “isolate and mitigate the

intrusion to its network” after the Attack was discovered.7 Defendant removed the

malicious software from its network.8 Defendant also hired an outside security

firm to investigate whether protected health information (“PHI”) on the network

had been compromised by the Attack.9 After examining the extent of the Attack,

the security firm confirmed that no PHI had been compromised.10

On March 27, 2020, Defendant notified all of its patients of the Attack.11 On

March 28, 2020, Defendant issued an updated Notice of Potential Data Breach (the

“Notice”).12 The Notice informed Defendant’s patients that it was possible, though

Defendant believed that it was “unlikely,” that their personal and financial

information was compromised.13 The Notice also stated that Defendant would

inform patients as soon as possible of the results of its ongoing investigation. 14

7 OB at 9-10. 8 Id. at 10. 9 Id. 10 Id. 11 Id. 12 Id. 13 Id. 14 Id. 3 Procedural History

Plaintiffs filed suit on May 06, 2020.15 Plaintiffs assert claims for: (1)

negligence; (2) invasion of privacy; (3) breach of express contract; (4) breach of

implied contract; (5) negligence per se; (6) breach of fiduciary duty; (7)

noncompliance with the Delaware Computer Security Breach Act; and (8)

violation of the Delaware Consumer Fraud Act.

Defendant filed a Motion to Dismiss and supporting brief on July 15, 2020.

Plaintiffs filed their Response on August 28, 2020. Defendant filed its Amended

Reply on September 25, 2020.

STANDARD OF REVIEW

Lack of Standing

Rule 12(b) provides for dismissal of a claim when a court lacks subject

matter jurisdiction or a plaintiff lacks standing to appear and be heard.16 Factual

challenges under Rule 12(b)(1) permit a court to consider matters outside the

pleading, such as testimony and affidavits. 17 The burden is on the plaintiff to

demonstrate that it meets the elements for standing. 18

15 Compl. at 1. 16 Super. Ct. Civ. R. 12(b)(1)-(2). 17 Id. 18 Lujan v. Defs. Of Wildlife, 504 U.S. 555, 561 (1992). 4 Failure to State a Claim Upon Which Relief Can Be Granted

In a Rule 12(b)(6) Motion to Dismiss, the Court must determine whether the

claimant “may recover under any reasonably conceivable set of circumstances

susceptible of proof.”19 The Court must accept as true all well-pleaded

allegations.20 Every reasonable factual inference will be drawn in the non-moving

party’s favor.21 If the claimant may recover under that standard of review, the

Court must deny the Motion to Dismiss.22

ANALYSIS

Defendant’s Contentions

Defendant argues that Plaintiffs lack standing to bring this case. Defendant

contends that Plaintiffs have failed to allege an injury in fact. Further, Plaintiffs’

alleged injuries cannot be traced back to Defendant. Defendant asserts that

Plaintiffs have failed to state a claim for Counts 1-5. As for Plaintiffs’ other

claims, Defendant argues that: (1) the economic loss doctrine bars any recovery;

(2) the breach of fiduciary duty claim must be dismissed because the Court lacks

subject matter jurisdiction; (3) the Delaware Computer Security Breach Act claim

must be dismissed because Plaintiffs lack standing and Defendant satisfied the

19 Spence v. Funk, 396 A.2d 967, 968 (Del. 1978). 20 Id. 21 Wilmington Sav. Fund Soc’y v. Anderson, 2009 WL 597268, at *2 (Del. Super.) (citing Doe v. Cahill, 884 A.2d 451, 458 (Del. 2005)). 22 Spence, 396 A.2d at 968. 5 statute’s notice requirement; and (4) the Delaware Consumer Fraud Act claim must

be dismissed because Plaintiffs have failed to state a claim under the statute.

Plaintiffs’ Contentions

Plaintiffs maintain that they have sustained an injury in fact sufficient to

confer standing. Plaintiffs specifically allege the following harms: (1) the

imminent risk of future harm; (2) mitigation expenses; (3) loss of privacy; (4)

anxiety; (5) failure to receive the benefit of a bargain; (6) loss of value of property

in personally identifying information; and (7) disruption to Plaintiffs’ medical care.

Plaintiffs contend that these alleged harms are legally cognizable and can be traced

back to Defendant.

In response to Defendant’s other arguments, Plaintiffs argue that the

economic loss doctrine does not foreclose the possibility of recovery because

Defendant denies the existence of any contract. Further, Plaintiffs properly state

claims for negligence, negligence per se, invasion of privacy, breach of express

contract, and breach of implied contract. Plaintiffs maintain that they properly

stated a claim under Delaware’s Consumer Fraud Act. Plaintiffs concede that the

Court lacks subject matter jurisdiction over their fiduciary duty claim. Finally,

Plaintiffs elect to withdraw their claim under the Delaware Computer Security

Breach Act.

6 Standing

Plaintiffs bear the burden of establishing all of the elements for standing.23

Plaintiffs must demonstrate: (1) an injury in fact; (2) a causal relationship between

Free access — add to your briefcase to read the full text and ask questions with AI

Related

Lujan v. Defenders of Wildlife
504 U.S. 555 (Supreme Court, 1992)
Krottner v. Starbucks Corp.
628 F.3d 1139 (Ninth Circuit, 2010)
Reilly Ex Rel. Pluemacher v. Ceridian Corp.
664 F.3d 38 (Third Circuit, 2011)
Clapper v. Amnesty International USA
133 S. Ct. 1138 (Supreme Court, 2013)
Doe v. Cahill
884 A.2d 451 (Supreme Court of Delaware, 2005)
Shqeirat v. US AIRWAYS, GROUP INC.
515 F. Supp. 2d 984 (D. Minnesota, 2007)
Spence v. Funk
396 A.2d 967 (Supreme Court of Delaware, 1978)
Robb v. Pennsylvania Railroad Company
210 A.2d 709 (Supreme Court of Delaware, 1965)
Dover Historical Society v. City of Dover Planning Commission
838 A.2d 1103 (Supreme Court of Delaware, 2003)
Melissa Alleruzzo v. SuperValu, Inc.
870 F.3d 763 (Eighth Circuit, 2017)
Storm v. Paytime, Inc.
90 F. Supp. 3d 359 (M.D. Pennsylvania, 2015)
In re Zappos.com, Inc.
108 F. Supp. 3d 949 (D. Nevada, 2015)
Chambliss v. CareFirst, Inc.
189 F. Supp. 3d 564 (D. Maryland, 2016)
Fero v. Excellus Health Plain, Inc.
236 F. Supp. 3d 735 (W.D. New York, 2017)
In re 21ST Century Oncology Customer Data Sec. Breach Litig.
380 F. Supp. 3d 1243 (M.D. Florida, 2019)

Cite This Page — Counsel Stack

Bluebook (online)
Abernathy v. Brandywine Urology Consultants, P.A., Counsel Stack Legal Research, https://law.counselstack.com/opinion/abernathy-v-brandywine-urology-consultants-pa-delsuperct-2021.