This class action brings suit against Illinois Gastroenterology Group, PLLC (IGG), claiming that the group was negligent or careless and did not take sufficient measures to prevent a data breach that occurred in October 2021. The complaint alleges that unauthorized persons were able to intrude into the group’s systems and gain access to personally identifiable information (PII), protected health information (PHI), and protected biometric information (PBI).
A class and two subclasses have been defined for this action:
- The Nationwide Class is all US residents whose PII, PHI, or PBI was actually or potentially accessed or acquired during the data breach event that is the subject of the Notice of Data Breach that IGG issued to those affected on or around April 22, 2022.
- The Illinois Class is all Illinois residents who are members of the above class.
- The PBI Class is all US residents in the above class whose PBI was actually or potentially accessed or acquired during the data breach.
The data breach was discovered when IGG found “unusual activity” in its systems on October 22, 2021, the complaint says. IGG then engaged third-party cybersecurity specialists, the complaint alleges, to find out more about the event. On November 18, 2021, the complaint alleges, the investigation found that an unauthorized party had gotten into IGG’s systems and may have viewed or stolen information stored there.
The information compromised included names, addresses, dates of birth, Social Security numbers, driver’s license and passport numbers, payment card information, employer identification numbers, medical information, and biometric data.
IGG did not issue a Notice of Data Breach until April 22, 2022, the complaint claims, and “as of April 26, 2022, … has still not reported the breach to government agencies.”
The complaint faults IGG for “intentionally, willfully, recklessly, and/or negligently failing to take and implement adequate and reasonable measure to ensure that the PII, PHI, and PBI of Plaintiff and Class Members was safeguarded, failing to take available steps to prevent an unauthorized disclosure of data, and failing to follow applicable, required and appropriate protocols, policies and procedures regarding the encryption of data, even for internal use.”
The complaint lists measures that it claims IGG should have taken, as recommended by the US government, the US Cybersecurity & Infrastructure Security Agency, and the Microsoft Threat Protection Intelligence Team. According to the complaint, IGG could have prevented the data breach by properly securing and encrypting the information or could have minimized the damage by destroying old data.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Illinois Gastroenterology Group Data Breach Class Action
May 13, 2022
This class action brings suit against Illinois Gastroenterology Group, PLLC (IGG), claiming that the group was negligent or careless and did not take sufficient measures to prevent a data breach that occurred in October 2021. The complaint alleges that unauthorized persons were able to intrude into the group’s systems and gain access to personally identifiable information (PII), protected health information (PHI), and protected biometric information (PBI).
Illinois Gastroenterology Group Data Breach Class ActionCase Event History
Illinois Gastroenterology Group Data Breach Class Action
May 13, 2022
This class action brings suit against Illinois Gastroenterology Group, PLLC (IGG), claiming that the group was negligent or careless and did not take sufficient measures to prevent a data breach that occurred in October 2021. The complaint alleges that unauthorized persons were able to intrude into the group’s systems and gain access to personally identifiable information (PII), protected health information (PHI), and protected biometric information (PBI).
Illinois Gastroenterology Group Data Breach Class Action