Recently, a Pennsylvania federal judge dismissed a suit challenging the use of a third-party website analytics tool by defendant Highlands Healthcare, Inc., an integrated health system with eight hospitals in Pennsylvania.  The Court concluded plaintiffs had failed to plead the “specifics” of their interactions with defendant’s website, which were “essential to convert [the] case” from a “law-school hypothetical to an actionable dispute” under the Pennsylvania Wiretapping and Electronic Surveillance Control Act (“WESCA”), the state law analog to the Federal Wiretap Act.  Muraski v. Penn Highlands Healthcare, Inc., 2026 WL 353041 (W.D. Pa. Feb. 9, 2026).

The two plaintiffs in this case asserted, on behalf of a putative class, that Highlands Healthcare used a third-party analytics tool on its website to allegedly collect data from plaintiffs’ interactions with Highlands’s website, search bar, and “Find a Doctor” page—including: (1) visitors’ IP addresses; (2) URLs; and (3) “information submitted by [Plaintiffs] through the search bar,” including “medical diagnosis, conditions and symptoms”—without plaintiffs’ consent.  Plaintiffs contended Highlands Healthcare was a covered entity under the Health Insurance Portability and Accountability Act (“HIPAA”) and plaintiffs had a reasonable expectation of privacy in their data communicated to Highlands via its website.

Finding the exercise of subject-matter jurisdiction proper under the Class Action Fairness Act (“CAFA”), the Court nevertheless ordered dismissal of the complaint for failure to state a claim under WESCA.

The Court found “persuasive” a recent federal decision from the Eastern District of Pennsylvania,which dismissed claims under the Federal Wiretap Act upon finding the plaintiffs there had not established that individually identifiable health information (“IIHI”) had been “intercepted” in violation of HIPAA, as to trigger the crime-tort exemption to the party exception.  See Santoro v. Tower Health, 2024 WL 1773371 (E.D. Pa. Apr. 24, 2024).  As in Santoro, whether plaintiffs’ IIHI was intercepted “depends on how the particular user interacts with the website,” and the Court here determined that plaintiffs had “failed to allege . . . a HIPAA violation” with “any particularity.”  Plaintiffs did not allege, for example, that a “particular medical condition was scheduled through the application” or “how their inputted information relates to Plaintiffs’ own medical care and diagnoses,” nor did they allege “what information was searched, what [protected health information (‘PHI’)] was disclosed,” or “what confidential diagnoses were revealed.”  Absent such “specifics,” the Court concluded, plaintiffs’ WESCA claim necessarily failed.

Photo of Kathryn Cahoy Kathryn Cahoy

Kate Cahoy co-chairs the firm’s Class Action Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. A highly skilled litigator, she defends clients in complex, high-stakes class action disputes, securing significant victories across various industries, including technology…

Kate Cahoy co-chairs the firm’s Class Action Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. A highly skilled litigator, she defends clients in complex, high-stakes class action disputes, securing significant victories across various industries, including technology, entertainment, consumer products, and financial services. Kate also plays a key role in the firm’s mass arbitration defense practice. She regularly advises companies on the risks associated with mass arbitration and has a proven track record of successfully defending clients against these challenges.

Leveraging her success in class action litigation and arbitration, Kate helps clients develop strategic and innovative solutions to their most challenging legal issues. She has extensive experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), along with common law and constitutional rights of privacy, among others.

Kate’s exceptional legal work has earned widespread recognition. The Daily Journal named her successful defense of Meta and Microsoft cases described below as among its Top Verdicts, recognizing some of the largest and most impactful verdicts in California.

Recent Successes:

Represented Meta (formerly Facebook) in a putative nationwide advertiser class action alleging violations under the California Unfair Competition Law (UCL) related to charges from allegedly “fake” accounts. Successfully narrowed claims at the pleadings stage, defeated class certification, opposed a Rule 23(f) petition, won summary judgment, and defended the victory on appeal to the Ninth Circuit. (Daily Journal, Top Verdicts of 2021. Law.com recognized Kate with a Litigator of the Week Shoutout.
Defeated a landmark class action lawsuit against Microsoft and OpenAI contending that the defendants scraped data from the internet for training generative AI services and incorporated data from users’ prompts, allegedly in violation of CIPA, the Computer Fraud and Abuse Act (CFAA), and other privacy and consumer protection laws. (Daily Journal, Top Verdicts of 2024.)

Kate regularly contributes to the firm’s blog, Inside Class Actions, and was recently featured in a Litigation Daily interview titled “Where Privacy Laws and Litigation Trends Collide.” In recognition of her achievements in privacy and antitrust class action litigation, the Daily Journal named her as one of their Top Antitrust Lawyers (2024), Top Cyber Lawyers (2022), and Top Women Lawyers in California (2023). Additionally, she received the Women of Influence award from the Silicon Valley Business Journal, was recognized by the Daily Journal as a Top Attorney Under 40, and also was named to Bloomberg Law’s They’ve Got Next: The 40 Under 40 list.

Read more about Kathryn Cahoy
Show more Show less
Photo of Rachel Bercovitz Rachel Bercovitz

Rachel Bercovitz is an associate in the firm’s Washington, DC office, where her practice focuses on class actions and complex civil litigation. She maintains an active pro bono practice, with a particular focus on gun violence prevention and veterans’ rights.

Read more about Rachel Bercovitz