A hospital has won court permission to subpoena Verizon for the identity of website hackers who emailed hospital employees’ links to a YouTube video comparing their CEO to Adolf Hitler, Joseph Stalin and Saddam Hussein.

The hospital will also get to find out who hacked in and sent a second round of emails accusing the CEO and other top hospital administrators of sexual acts with other hospital personnel.

The Appellate Division, in a precedential April 5 ruling, Warren Hospital v. Does, A-4119-11, overturned a lower court that quashed the subpoenas.

Judges Clarkson Fisher Jr., Alexander Waugh Jr. and Jerome St. John  gave Warren Hospital in Phillipsburg a way around Dendrite International v. Doe No. 3, 342 N.J. Super. 134 (App. Div. 2001), a landmark decision followed by courts around the country that set criteria for the discovery of information about anonymous online critics.

Dendrite involved messages posted on a Yahoo! message board about a Morristown company that produced pharmaceutical software.

But here the plaintiffs “presented sufficient facts from which we may assume that what John Does One and Two did electronically was no different than if they had broken into the hospital and spray painted their message on the hospital’s walls,” Fisher wrote.

“We reject the argument that those who engage in this type of conduct are entitled to cling to their anonymity through a strict or overly-formulaic application of the Dendrite test.”

The panel here found it was enough that the plaintiffs had demonstrated “(1) the speakers’ unlawful or impermissible mode of communication, and (2) that the allegedly defamatory statements would survive a motion to dismiss.”

Brad Russo, the lawyer fighting the subpoenas on behalf of one or more of the Does, had argued that the information obtained might help the plaintiffs determine the identity of those who made some of those other statements.

That possibility was “of little concern” to Fisher. “If the discovery we now permit reveals that John Does One and Two also uttered other statements in less wrongful or even completely innocent ways — or the revelation of their true identities may lead to a discovery of the identities of other anonymous speakers — then that is a consequence of John Doe One and John Doe Two’s alleged wrongdoing,” he wrote.

The holding allows the hospital and other plaintiffs to enforce subpoenas against Verizon for information about three IP addresses used in hackings that occurred on Aug. 17 and Oct. 19, 2009.

The Aug. 17 email stated “Extra! Scumbag’s all about it!!!! Heil! Litzler!” and linked to the YouTube video that had images of then-CEO Thomas Litz and likened him to Hitler and other infamous tyrants.

The hacking took place after Litz was hired to turn around the financially ailing hospital and began cutting costs by reducing employee compensation and eliminating some operations. 

Litz, who retired last June, was the prime target of the anonymous critics, along with board chairman Robert Rumfield, administrative director Theodore Ruhf and Assistant Vice-President of Patent Care Gail Newton, among others, who are also plaintiffs.

The Oct. 19 email referred to supposed sexual activities by the plaintiffs and called management  “racist bigots.”

The complaint, filed in Warren County Superior Court in September 2010, has not yet been answered because the judge, Amy O’Connor, relying on Dendrite, quashed every subpoena seeking to identify the Does.

Joseph Manfredi, of Manfredi & Pellechio in Hoboken, who represents the plaintiffs, says “the Appellate Division said hackers cannot turn a private corporation’s intranet system into a First Amendment forum.”

The court put limits on Dendrite, articulating a new test for when hacking or some other unlawful or impermissible means is used, says Manfredi.

He also points out that it was impossible for his clients to comply with Dendrite’s notice requirement with regard to the hacked messages because all they have are the IP addresses.

Brad Russo, the Phillipsburg lawyer who represents one or more Does — he declines to say how many — notes that the plaintiffs have shirked their First Amendment obligations by not providing any notice, even though the vast majority of the comments are covered by Dendrite and notice could be provided via nj.com or YouTube.

He says his position is that with Dendrite applicable to 98 percent or so of the comments, the plaintiffs should not be allowed to go forward with identification as to the other two percent.

Because of the selective focus on the hacking, the appeals court considered the issue in isolation rather than in the broader context, he says.

Paul Levy, a lawyer with Public Citizen in Washington, D.C., an amicus in Dendrite, calls the decision “doctrinally unfortunate” to the extent it carves out an exception and also unnecessary, because the plaintiffs could apparently have satisfied the Dendrite standard.

“What the court seems to have said is that the way of making the statement was tortious on the face of it,” he says.

Fisher acknowledged in his opinion that the nearly 90-page complaint asserted claims concerning numerous other statements that did not involve hacking — comments posted on the nj.com website and videos uploaded to YouTube — and might “bring a future application for discovery closer to the circumstances in Dendrite.”