Illinois medical group sued over data breach that exposed 655K patients' info

Downers Grove, Ill.-based DuPage Medical Group is being accused of failing to properly secure patients' personal information and not telling patients quickly enough about a July cyberattack that exposed their data, The Chicago Tribune reported Sept. 2. 

Five details: 

1. DuPage Medical Group began notifying 655,384 patients Aug. 30 that their personal health information was exposed in July when the group's computer network was hacked. 

2. Two patients, Rochelle Hestrup and Erin Peiss, filed the class-action lawsuit in DuPage County Circuit Court on Sept. 1; the suit claims that DuPage Medical Group didn't do enough to protect patients' PHI and that the group didn't alert them of the breach quickly enough. 

3. In a Sept. 2 statement to the Tribune, DuPage Medical Group said it had not yet been served with the lawsuit and would need time to analyze the allegations. The group added: "We remain committed to information security, and although we are unaware at this time of any attempted or actual misuse of the information involved, we understand the concern that this potential access raises." 

4. The plaintiffs are seeking damages, reimbursement of out-of-pocket costs and improvements to DuPage Medical Group's data security systems, according to a Sept. 2 news release from the plaintiffs' counsel, Keller Lenkner. 

5. DuPage Medical Group is offering free credit and identity monitoring services to patients affected by the breach and told patients they could call 1-800-709-2027 for more information. However, the lawsuit alleges that when the plaintiffs called the number Sept. 1, they weren't told whether they were affected by the incident and had to wait for a notification letter in the mail, according to the report.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars