US Fertility Patient Information Exposed in Data Breach Class Action

Online data thieves these days seem to be increasingly likely to target healthcare companies. This class action brings suit against two more such healthcare entities, US Fertility, LLC (USF) and Fertility Centers of Illinois, SC. The complaint claims that the companies failed to take proper security measures to protect the information of their customers, and also that they failed to report the theft to those affected in a timely manner.

The National Class for this action is all persons living in the US who were patients of USF or Fertility Centers whose personal information was compromised in the data breach. An Illinois Subclass has been defined, alleging violation of the Illinois Consumer Fraud Act.

The data breach occurred because of a malware infection, the complaint says. It cites the period during which unauthorized persons had access to the data as running from August 12 to September 14.

A third-party computer forensic specialist helped the company determine the nature of the stolen information: names, Social Security numbers, patient numbers, and dates of birth.

Although USF became aware of the data breach in September 2020, it waited for approximately four months before information those who were affected.

The complaint states, “From 2005 to 2019, the total number of individuals affected by healthcare data breaches was 240.09 million, of which 157.40 million were affected in the last five years alone.” The information identity thieves obtain enables them to commit not only identity theft and financial fraud but medical fraud as well. Cybercriminals can further use the information to aim their frauds and scams aimed at people with particular medical conditions.

Companies are not left to figure out what kind of security measures they should take on their own. The Health Insurance Portability and Accountability Act (HIPAA), the Federal Trade Commission (FTC), and state laws have set guidelines and standards for the protection of protection of personal information stored in company files and databases.

For example, the FTC publishes guidelines in Protecting Personal Information: A Guide for Business. The publication advises businesses to “protect the personal information that they keep; properly dispose of personal information that is no longer needed; encrypt information stores on computer networks; understand vulnerabilities of its network; and implement policies to correct security problems.”

Companies should also have a system to detect intrusions as soon as they occur; monitor incoming traffic for hacking attempts; look for large amounts of data being taken from the system; and have a response plan on hand that can be implemented in case of a breach.

Illinois, the state where this data breach occurred also have a Personal Information Protection Act (PIPA) that requires that entities that store personal information “notify the owner or licensee of the information of any breach of the security of the data immediately following discovery” that data has been acquired by an unauthorized person.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

US Fertility Patient Information Exposed in Data Breach Complaint

February 3, 2021

Online data thieves these days seem to be increasingly likely to target healthcare companies. This class action brings suit against two more such healthcare entities, US Fertility, LLC (USF) and Fertility Centers of Illinois, SC. The complaint claims that the companies failed to take proper security measures to protect the information of their customers, and also that they failed to report the theft to those affected in a timely manner.

US Fertility Patient Information Exposed in Data Breach Complaint

Case Event History

US Fertility Patient Information Exposed in Data Breach Complaint

February 3, 2021

Online data thieves these days seem to be increasingly likely to target healthcare companies. This class action brings suit against two more such healthcare entities, US Fertility, LLC (USF) and Fertility Centers of Illinois, SC. The complaint claims that the companies failed to take proper security measures to protect the information of their customers, and also that they failed to report the theft to those affected in a timely manner.

US Fertility Patient Information Exposed in Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy