Illinois Gastroenterology Group Settles 2021 Data Breach Lawsuit
Illinois Gastroenterology Group (IGG) has agreed to settle a class action lawsuit that stemmed from a 2021 data breach that exposed the protected health information of 227,943 patients. The data breach was detected by IGG on October 22, 2021, however, it took until November 18, 2021, for the investigation to conclude that unauthorized individuals had accessed its systems and until March 22, 2022, to determine that the protected health information of patients had been compromised. The compromised data included names, addresses, birth dates, Social Security numbers, driver’s license numbers, passport numbers, financial account information, payment card information, employer-assigned identification numbers, medical information, and biometric data. Notifications were sent to the HHS and affected individuals a month later, on April 22, 2022.
A lawsuit – McNicholas, et al. v. Illinois Gastroenterology Group PLLC – was filed in the Nineteenth Judicial Circuit Court of Lake County, Illinois, that alleged IGG had failed to implement reasonable and appropriate safeguards to protect the privacy and confidentiality of the sensitive data collected and stored. IGG chose to settle the lawsuit with no admission of any wrongdoing to prevent further legal costs and avoid the uncertainty of trial. The total settlement amount was not disclosed.
Under the terms of the settlement, class members are entitled to receive a cash payment of $50 as compensation or a cash payment of $150 if their Social Security numbers or biometric information were compromised. Alternatively, claims may be submitted if damages have been experienced and reimbursement will be provided for documented losses traceable to the data breach up to a maximum of $200 for ordinary losses, three hours of lost time at $25 per hour, and up to $5,000 for extraordinary losses, such as identity theft. All individuals who received a notification from IGG about the data breach are entitled to receive three years of free credit monitoring services, which include a $1 million identity theft insurance policy. IGG has also agreed to implement additional security measures to protect patient data. These measures have either already been implemented and paid for by IGG or will be paid for by IGG separately from other settlement benefits.
The deadline for exclusion from and objection to the settlement is May 17, 2023. The deadline for submitting claims is June 16, 2023. The final approval hearing has been scheduled for June 22, 2023.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy