This class action concerns yet another data breach, this time of Illinois Gastroenterology Group, PLLC (IGG). The complaint alleges that the information exposed including protected health information (PHI), personally identifiable information (PII), and protected biometric information (PBI), affecting more than 227,000 individuals.
A class and two subclasses have been defined for this action:
- The Nationwide Class is all US residents whose PII, PHI, or PBI was actually or potentially accessed or acquired in the data breach that was the subject of the Notice sent out on or around April 22, 2022.
- The Illinois Subclass is all those in the Nationwide Class who are residents of Illinois.
- The PBI Subclass is all those whose PBI was actually or potentially accessed or acquired in the data breach that was the subject of the Notice sent out on or around April 22, 2022.
On October 22, 2021, IGG detected unusual activity in its systems, the complaint claims, and launched an investigation with the help of third-party cybersecurity specialists. According to the complaint, the investigation found, as of November 18, 2021, that an unauthorized party had gained access to the systems and may have viewed or stolen information.
Around five months later, the complaint claims, on May 22, 2022, IGG announced the kinds of information that may have been exposed, including names, dates of birth, Social Security numbers, driver’s license and passport numbers, financial account and payment card information, employer-assigned identification numbers, medical information, and biometric data. The complaint also alleges that the information was unencrypted.
According to the complaint, by collecting, using, and getting a benefit from private information, IGG “assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.” It also claims, “This PII, PHI, and PBI was compromised due to [IGG’s] negligent and/or careless acts and omissions and the failure to protect the sensitive and personal information” it stored in its systems.
The complaint also faults IGG in that it has “purposefully maintained secret the specific vulnerabilities and root causes of the breach and have not informed Plaintiff and Class Members of that information. IGG had a previous data breach in 2019 that affected 1,481 patients and the complaint speculates on whether that attack and the current one were enabled by any common vulnerabilities.
The complaint says that IGG has offered the individual victims only twelve months of identity theft protection. This, the complaint claims, is not enough: It asks the court for “a sum of money sufficient to provide to Plaintiff and Class Members identity theft protective services for their respective lifetimes.”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Illinois Gastroenterology Exposure of PHI, PII, and PBI Complaint
June 6, 2022
This class action concerns yet another data breach, this time of Illinois Gastroenterology Group, PLLC (IGG). The complaint alleges that the information exposed including protected health information (PHI), personally identifiable information (PII), and protected biometric information (PBI), affecting more than 227,000 individuals.
Illinois Gastroenterology Exposure of PHI, PII, and PBI ComplaintCase Event History
Illinois Gastroenterology Exposure of PHI, PII, and PBI Complaint
June 6, 2022
This class action concerns yet another data breach, this time of Illinois Gastroenterology Group, PLLC (IGG). The complaint alleges that the information exposed including protected health information (PHI), personally identifiable information (PII), and protected biometric information (PBI), affecting more than 227,000 individuals.
Illinois Gastroenterology Exposure of PHI, PII, and PBI Complaint