Illinois Gastroenterology Group, PLLC (“IGG”) recently provided official notice of a data breach that could have broad implications for those whose information was leaked. According to IGG, the breach resulted in the names, addresses, dates of birth, Social Security numbers, driver’s license numbers, Passport numbers, financial account information, payment card information, employer-assigned identification number, medical information, and biometric data of certain individuals being accessible to an unauthorized party. On April 22, 2022, Illinois Gastroenterology Group sent out data breach letters to those who were impacted by the IGG data breach.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Illinois Gastroenterology Group data breach, please see our recent piece on the topic here.
What We Know About the Illinois Gastroenterology Group Data Breach
News of the Illinois Gastroenterology Group breach only recently broke; however, IGG has already provided some important details about the breach. Evidently, on October 22, 2021, IGG discovered unusual activity on its IT network. In response, IGG enlisted the assistance of outside cybersecurity professionals to investigate the incident. On November 18, 2021, IGG was able to confirm that an unauthorized party had gained access to its computer network and, as a result, certain consumer data on its network was exposed to the unauthorized party.
Illinois Gastroenterology Group then began to review the files that were accessible so the organization could inform those who were affected by the breach. This review was completed on March 22, 2021.
While the compromised information varies based on the individual, it may include your name, address, date of birth, Social Security number, driver’s license number, Passport number, financial account information, payment card information, employer-assigned identification number, medical information, and biometric data.
Subsequently, on April 22, 2022, IGG sent all affected parties a data breach notification letter explaining the incident, what information was compromised, and what steps they can take to reduce the chance of fraud or identity theft.
Illinois Gastroenterology Group is a healthcare practice made up of gastroenterologists and related medical providers. Based in Oak Lawn, Illinois, IGG was created through the merger of Elgin Gastroenterology, Lake Shore Gastroenterology, and Northwest Gastroenterologists in 2010. In subsequent years, the Midwest Center for Digestive Health, Gastrointestinal Health Associates of Geneva, and North Shore Gastroenterology joined the organization. Currently, IGG has 40 gastroenterologists that treat patients at 32 clinics located throughout Illinois. Illinois Gastroenterology Group employs more than 200 people and generates approximately $37 million in annual revenue.
What Is an Organization’s Responsibility to Safely Maintain Consumer Data?
When you sought treatment at Illinois Gastroenterology Group, chances are that the safety of the data you provided the organization wasn’t on your mind. Indeed, most consumers inherently trust the companies and other organizations that ask for their information. However, over recent years, the number of data breaches has increased dramatically. In turn, many consumers are now much more hesitant to give carte-blanche access to their information.
When you provide personal data to a business, non-profit, healthcare provider or any other organization, it creates a duty on the organization’s part. This duty doesn’t only prevent an organization from actively misusing your data but also requires the organization to implement sufficient security protocol to protect your information from other malicious actors such as hackers and cybercriminals.
Most organizations do a good job protecting the consumer data in their possession. However, the duty to maintain sensitive information is an evolving one; as hackers develop new techniques, organizations must continually update their data security systems to ensure they remain adequate.
If an organization mishandles consumer information or fails to implement adequate data security measures, and hackers are able to capitalize on the company’s oversight, those affected by the breach may pursue a legal claim against the company through a data breach class action lawsuit. Those interested in learning more about bringing a data breach class action lawsuit or the steps they should take to reduce the likelihood of fraud in the wake of a data breach should reach out to a data breach attorney for assistance.