Christie Business Holdings Company, P.C.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The data breach at Christie Business Holdings Company, P.C., known as Christie Clinic, occurred between July 14, 2021, and August 19, 2021. This incident involved unauthorized access to the clinic’s servers and files, potentially compromising sensitive patient information. Christie Clinic, a significant multi-specialty group medical practice based in Champaign, Illinois, discovered the breach in January 2022. The breach affected at least 500,000 individuals, exposing Personally Identifiable Information (PII) and Personal Health Information (PHI), including names, addresses, medical and health insurance information, and Social Security numbers[1][5].

The unauthorized access was specifically aimed at a single business email account, with the intent likely being to intercept a financial transaction between Christie Clinic and a third-party vendor. Although the breach did not compromise other systems, electronic medical records, or the clinic’s patient portal, the full scope of the compromise has not been fully determined. Christie Clinic has since taken steps to enhance security measures, including implementing network security solutions and data security and privacy training[5].

This incident is part of a broader trend of increasing data breaches within the healthcare sector, with hacking incidents being a significant contributor to the number of breaches reported. In 2022, there was a notable year-over-year decline in the total number of data breaches reported, but hacking incidents and data theft remained prevalent, affecting hundreds of thousands of individuals across various healthcare providers and business associates[3].

Christie Clinic has responded to the breach by launching an investigation, notifying law enforcement, and beginning to send out data breach notification letters to impacted individuals on March 10, 2022. The clinic has also offered credit monitoring services to those affected[1][7]. Legal actions and investigations into the breach are ongoing, with affected individuals exploring their legal options[1][7].

Citations:

  1. https://www.justice4you.com/blog/christie-clinic-data-breach.html
  2. https://kehoelawfirm.com/blog/christie-clinic-data-breach
  3. https://www.hipaajournal.com/2022-healthcare-data-breach-report/
  4. https://www.doj.nh.gov/consumer/security-breaches/documents/christie-business-holdings-20220329.pdf
  5. https://www.securityweek.com/500000-impacted-email-breach-illinois-healthcare-firm/
  6. https://www.bankinfosecurity.com/more-major-hacking-incidents-added-to-hhs-breach-tally-a-18987
  7. https://www.thelyonfirm.com/class-action/data-breach/christie-clinic/
  8. https://www.bankinfosecurity.com/tally-analysis-a-20898
  9. https://ilcourtsaudio.blob.core.windows.net/antilles-resources/resources/5998876a-e07e-4969-b564-e85a8991f1e5/Petta%20v.%20Christie%20Business%20Holding%20Co.,%202023%20IL%20App%20(5th)%20220742.pdf
  10. https://www.hipaajournal.com/1h-2022-healthcare-data-breach-report/
  11. https://www.govinfosecurity.com/illinois-clinic-says-nearly-503000-affected-in-email-breach-a-18893
  12. https://www.christieclinic.com/News/5880/Notice-of-Data-Privacy-Event/news-detail/
  13. https://www.classaction.org/media/strode-v-christie-business-holdings-company-pc.pdf
  14. https://www.isba.org/cases/illinois/appellate/2023/11/28/pettavchristiebusinessholdingcopc
Breach Submission Date Mar 25, 2022
Converted Entity Name Christie Business Holdings Company, P.C.
Converted Entity Type Healthcare Provider
State IL
Individuals Affected 502,869
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes