Illinois Gastroenterology Group, PLLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Illinois Gastroenterology Group Data Breach

Illinois Gastroenterology Group (IGG) experienced a significant data breach that was first discovered on October 22, 2021, when unusual activity was detected within its computer network. An investigation launched by IGG with the help of third-party cybersecurity specialists determined that an unauthorized actor had gained access to IGG’s systems. It was found that the information contained in those systems for approximately 227,943 individuals may have been compromised[1][14].

Compromised Information

The data breach potentially exposed a variety of personal information, including[1][14][17]:

  • Names
  • Addresses
  • Dates of birth
  • Social Security numbers
  • Driver’s license numbers
  • Passport information
  • Financial account information
  • Payment card information
  • Employer-assigned identification numbers
  • Medical information
  • Biometric data

Response and Legal Action

IGG published a Notice of Data Breach on April 22, 2022, and faced several lawsuits asserting claims arising from the data breach, including the McNicholas v. Illinois Gastroenterology Group case[1]. The lawsuits alleged that the breach was a direct result of IGG’s failure to adequately safeguard sensitive personal information[23]. A settlement was reached in the class action lawsuit related to the cybersecurity incident[1][20].

Settlement and Claims

Affected individuals were offered credit monitoring and identity theft protection services. They had the option to submit claims for alternative cash payments or documented losses, and the deadline for submitting claims was June 16, 2023[1].

Impact and Consequences

Data breaches like the one experienced by IGG can have significant long-term impacts, including financial loss, reputational damage, operational downtime, legal claims, and the loss of sensitive data[3][13][16][22]. For businesses, the consequences can be severe, potentially leading to revenue loss, damage to brand reputation, loss of intellectual property, hidden costs such as legal fees and regulatory fines, and even online vandalism[25].

Preventive Measures

IGG responded to the incident by enhancing its managed Security Operations Center, deploying an endpoint detection and response platform, resetting passwords, and enrolling employees with privileged access to sensitive systems into a multifactor authentication platform[1][14][17]. These measures are part of the broader strategies that organizations can adopt to mitigate the risks of data breaches and protect sensitive information[25].

Legal Requirements

In the event of a data breach, companies are required to notify the supervisory authority without undue delay, typically within 72 hours after becoming aware of the breach. If the breach poses a high risk to individuals, they must also be informed unless effective protection measures are in place[24].

Conclusion

The IGG data breach serves as a reminder of the importance of robust cybersecurity measures and the potential consequences of failing to protect sensitive personal information. Affected individuals and businesses must remain vigilant and take appropriate steps to safeguard against identity theft and fraud.

Citations:

  1. https://www.iggsettlement.com
  2. https://www.trendmicro.com/vinfo/us/security/definition/data-breach
  3. https://www.metacompliance.com/blog/data-breaches/5-damaging-consequences-of-a-data-breach
  4. https://www.ekransystem.com/en/blog/data-breach-investigation-best-practices
  5. https://www.hipaajournal.com/illinois-gastroenterology-group-settles-2021-data-breach-lawsuit/
  6. https://usa.kaspersky.com/resource-center/definitions/data-breach
  7. https://hbr.org/2023/05/the-devastating-business-impacts-of-a-cyber-breach
  8. https://www.iggsettlement.com/faqs
  9. https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business
  10. https://www.cloudmask.com/blog/data-breaches-threats-and-consequences
  11. https://www.prnewswire.com/news-releases/illinois-gastroenterology-group-pllc-provides-notice-of-a-security-incident-301531255.html
  12. https://www.fortinet.com/resources/cyberglossary/data-breach
  13. https://www.nedigital.com/en/blog/data-breach-consequences
  14. https://healthitsecurity.com/news/illinois-gastroenterology-group-data-breach-impacts-228k
  15. https://www.csoonline.com/article/534628/the-biggest-data-breaches-of-the-21st-century.html
  16. https://bigid.com/blog/the-costly-impact-of-a-data-breach-on-individuals/
  17. https://www.mass.gov/doc/assigned-data-breach-number-26427-illinois-gastroenterology-group-pllc/download
  18. https://en.wikipedia.org/wiki/Data_breach
  19. https://www.fisglobal.com/en/insights/merchant-solutions-worldpay/article/how-the-consequences-of-a-data-breach-threaten-small-businesses
  20. https://topclassactions.com/lawsuit-settlements/closed-settlements/illinois-gastroenterology-group-data-breach-class-action-settlement/
  21. https://www.cloudflare.com/learning/security/what-is-a-data-breach/
  22. https://securityintelligence.com/articles/long-term-impacts-security-breach/
  23. https://www.classaction.org/news/illinois-gastroenterology-group-facing-class-action-in-wake-of-october-2021-data-breach
  24. https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/what-data-breach-and-what-do-we-have-do-case-data-breach_en
  25. https://www.theamegroup.com/security-breach/
Breach Submission Date Apr 22, 2022
Converted Entity Name Illinois Gastroenterology Group, PLLC
Converted Entity Type Healthcare Provider
State IL
Individuals Affected 227,943
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes