Feb. 2. 2022 – In an 8-page order, Circuit Judge Janet M. Boes denied in part a motion filed by Covenant Hospital to dismiss a class action resulting from a May 4, 2020 cyberattack.  Mason Lietz & Klinger represents the Plaintiffs and a putative class of around 45,000 patients. 

Plaintiff Sheryl Herbert alleged that after the data breach, she had been a victim of identity theft.  Specifically, she claimed that an unauthorized person had fraudulently filed for employment benefits using her identity.  She then spent time to safeguard her privacy and to make sure that the theft “did not snowball into monetary damages.”  The Court found that this was sufficient to state a present injury.

Further, the Court held that both plaintiffs sufficiently alleged a claim for unjust enrichment. Plaintiffs alleged that when they paid for medical services they were also paying for some amount of data security. They allege that they did receive this data security and Covenant was enriched as a result of retaining money it should have spent on more effective data security. On the basis of these allegations, the Court held that dismissal of the unjust enrichment claims “at the pleading stage would [not] be appropriate.”

The case is Herbert et al. v. Covenant Medical Center Inc., No. 21-044500-NZ-3 (Mich. Cir. Ct., Saginaw Cty.)