The Pennsylvania Superior Court has ruled the University of Pittsburgh Medical Center isn't responsible for protecting employee data.
Last month, the court dismissed a class action lawsuit filed against the University following a 2014 data breach which compromised the information of nearly 62,000 UMPC employees and resulted in at least 788 tax fraud victims, according to court documents.
Names, dates of birth, Social Security numbers, tax information, addresses, and salary and bank information were compromised in the incident.
The court ruled that the university had no legal duty under state law to protect the personal and financial information of the employees. The ruling contradicts the ruling of a similar case in which a Texas hospital was penalized $3.2 million for HIPAA violations after a data breach. At the time, it was only the third civil monetary penalty the Office for Civil Rights (OCR) had issued.