Cybersecurity News

Illinois Medical Practice Settles Lawsuit After Data Breach Impacts 228K

The Plaintiff launched and settled a class action lawsuit against Illinois Gastroenterology Group (IGG) following a data breach that allegedly jeopardized patient privacy.

Source: Getty Images

By Sarai Rodriguez

- Illinois Gastroenterology Group (IGG) has settled a class-action lawsuit for an undisclosed amount after a data breach puts the patient privacy of more than 227,943 individuals at risk. The lawsuit stemmed from a breach initially disclosed in April 2022.

IGG identified that an unauthorized individual had breached its computer systems, and an investigation suggested that the threat actor might have potentially viewed or stolen sensitive information.

The actor potentially accessed settlement class members’ personally identifiable information (PII), including names, birth dates, Social Security numbers, driver’s license numbers, passport information, financial account information, addresses, payment card information, biometric data, employer-assigned identification numbers, and medical information.

In response to the incident, IGG said it implemented advanced security measures, including the deployment of an endpoint detection protection.

Following the incident, the class action lawsuit, McNicholas et al. v. Illinois Gastroenterology Group PLLC, was filed in the Lake County Nineteenth Judicial Circuit Court, alleging negligence, violations of the Illinois Consumer Fraud and Deceptive Business Practices Act, and other charges against IGG.

Specifically, the plaintiff accused IGG of failing to implement adequate patient privacy safeguards to protect sensitive data stored and collected.

However, IGG denied all allegations of wrongdoing or liability. The organization refuted any accusations of negligence, contract breaches, fiduciary duty breaches, privacy invasion, or breaches of medical record confidentiality.

IGG opted for the settlement to minimize further legal expenses and avoid the unpredictability of a trial, stating that continuing to defend the lawsuits would be both time-consuming and costly.

Under the terms of the settlement, plaintiffs sought reimbursement in the form of cash payments, documented ordinary losses, recorded extraordinary losses, and credit monitoring, depending on the extent of compromised information and damages endured.

Class members with compromised Social Security numbers or biometrics and all California subclass members are eligible for a $150 cash payment.

Those whose Social Security numbers were not affected but had their health information breached can receive $50. All class members qualify for three years of complimentary credit monitoring services, including single-bureau monitoring and $1 million in identity theft protection and restoration services.

Following healthcare data breaches, lawsuits have become increasingly prevalent, frequently leading to hefty settlements. For instance, UMass Memorial Health Center agreed to a $1.2 million settlement in a data breach lawsuit sparked by a data security incident between June 24, 2020, and January 7, 2021.