Matthew Green Analyzes the Evolving Landscape of Cybersecurity Class Actions in Pennsylvania

In an article for The Legal Intelligencer published on March 24, 2025, Matthew Green, partner and Deputy Chair of Obermayer’s Litigation Department, explored the evolving landscape of class action data breach cases in Pennsylvania.  His article, titled “Cybersecurity Class-Action Liability in Pennsylvania—Where Are We At, and What’s Next?” examines how increasing cyber attacks and shifting legal standards have expanded cybersecurity liability in the Commonwealth. Green discusses key cases, including Clemens v. Execupharm, Roma v. Prospect Medical Holdings, and Dittman v. UPMC, which have shaped legal standing and the duty to protect sensitive information.

The Pennsylvania Supreme Court in Dittman v. UPMC found that an employer had a duty to protect its employees’ sensitive personal information which it obtains and electronically stores. The court also found that employees’ negligence claims were not barred by the economic loss doctrine, recognizing that the duty to maintain and protect sensitive data exists independently of any contractual obligations between an employer and employee.

As cyber threats continue to escalate, Matthew Green emphasizes that data breach litigation will continue to grow unless new legislation intervenes. He stresses the importance of businesses strengthening cybersecurity practices, ensuring compliance with evolving legal standards, and proactively mitigating risks to avoid potential liability.

Read the full article here.