Christie Business Holdings Company, P.C.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The data breach at Christie Business Holdings Company, P.C., known as Christie Clinic, occurred between July 14, 2021, and August 19, 2021. This incident involved unauthorized access to the clinic’s servers and files, potentially compromising sensitive patient information. Christie Clinic, a significant multi-specialty group medical practice based in Champaign, Illinois, discovered the breach in January 2022. The breach affected at least 500,000 individuals, exposing Personally Identifiable Information (PII) and Personal Health Information (PHI), including names, addresses, medical and health insurance information, and Social Security numbers[1][5].
The unauthorized access was specifically aimed at a single business email account, with the intent likely being to intercept a financial transaction between Christie Clinic and a third-party vendor. Although the breach did not compromise other systems, electronic medical records, or the clinic’s patient portal, the full scope of the compromise has not been fully determined. Christie Clinic has since taken steps to enhance security measures, including implementing network security solutions and data security and privacy training[5].
This incident is part of a broader trend of increasing data breaches within the healthcare sector, with hacking incidents being a significant contributor to the number of breaches reported. In 2022, there was a notable year-over-year decline in the total number of data breaches reported, but hacking incidents and data theft remained prevalent, affecting hundreds of thousands of individuals across various healthcare providers and business associates[3].
Christie Clinic has responded to the breach by launching an investigation, notifying law enforcement, and beginning to send out data breach notification letters to impacted individuals on March 10, 2022. The clinic has also offered credit monitoring services to those affected[1][7]. Legal actions and investigations into the breach are ongoing, with affected individuals exploring their legal options[1][7].
Citations:
- https://www.justice4you.com/blog/christie-clinic-data-breach.html
- https://kehoelawfirm.com/blog/christie-clinic-data-breach
- https://www.hipaajournal.com/2022-healthcare-data-breach-report/
- https://www.doj.nh.gov/consumer/security-breaches/documents/christie-business-holdings-20220329.pdf
- https://www.securityweek.com/500000-impacted-email-breach-illinois-healthcare-firm/
- https://www.bankinfosecurity.com/more-major-hacking-incidents-added-to-hhs-breach-tally-a-18987
- https://www.thelyonfirm.com/class-action/data-breach/christie-clinic/
- https://www.bankinfosecurity.com/tally-analysis-a-20898
- https://ilcourtsaudio.blob.core.windows.net/antilles-resources/resources/5998876a-e07e-4969-b564-e85a8991f1e5/Petta%20v.%20Christie%20Business%20Holding%20Co.,%202023%20IL%20App%20(5th)%20220742.pdf
- https://www.hipaajournal.com/1h-2022-healthcare-data-breach-report/
- https://www.govinfosecurity.com/illinois-clinic-says-nearly-503000-affected-in-email-breach-a-18893
- https://www.christieclinic.com/News/5880/Notice-of-Data-Privacy-Event/news-detail/
- https://www.classaction.org/media/strode-v-christie-business-holdings-company-pc.pdf
- https://www.isba.org/cases/illinois/appellate/2023/11/28/pettavchristiebusinessholdingcopc