Illinois Gastroenterology Group, PLLC
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Illinois Gastroenterology Group Data Breach
Illinois Gastroenterology Group (IGG) experienced a significant data breach that was first discovered on October 22, 2021, when unusual activity was detected within its computer network. An investigation launched by IGG with the help of third-party cybersecurity specialists determined that an unauthorized actor had gained access to IGG’s systems. It was found that the information contained in those systems for approximately 227,943 individuals may have been compromised[1][14].
Compromised Information
The data breach potentially exposed a variety of personal information, including[1][14][17]:
- Names
- Addresses
- Dates of birth
- Social Security numbers
- Driver’s license numbers
- Passport information
- Financial account information
- Payment card information
- Employer-assigned identification numbers
- Medical information
- Biometric data
Response and Legal Action
IGG published a Notice of Data Breach on April 22, 2022, and faced several lawsuits asserting claims arising from the data breach, including the McNicholas v. Illinois Gastroenterology Group case[1]. The lawsuits alleged that the breach was a direct result of IGG’s failure to adequately safeguard sensitive personal information[23]. A settlement was reached in the class action lawsuit related to the cybersecurity incident[1][20].
Settlement and Claims
Affected individuals were offered credit monitoring and identity theft protection services. They had the option to submit claims for alternative cash payments or documented losses, and the deadline for submitting claims was June 16, 2023[1].
Impact and Consequences
Data breaches like the one experienced by IGG can have significant long-term impacts, including financial loss, reputational damage, operational downtime, legal claims, and the loss of sensitive data[3][13][16][22]. For businesses, the consequences can be severe, potentially leading to revenue loss, damage to brand reputation, loss of intellectual property, hidden costs such as legal fees and regulatory fines, and even online vandalism[25].
Preventive Measures
IGG responded to the incident by enhancing its managed Security Operations Center, deploying an endpoint detection and response platform, resetting passwords, and enrolling employees with privileged access to sensitive systems into a multifactor authentication platform[1][14][17]. These measures are part of the broader strategies that organizations can adopt to mitigate the risks of data breaches and protect sensitive information[25].
Legal Requirements
In the event of a data breach, companies are required to notify the supervisory authority without undue delay, typically within 72 hours after becoming aware of the breach. If the breach poses a high risk to individuals, they must also be informed unless effective protection measures are in place[24].
Conclusion
The IGG data breach serves as a reminder of the importance of robust cybersecurity measures and the potential consequences of failing to protect sensitive personal information. Affected individuals and businesses must remain vigilant and take appropriate steps to safeguard against identity theft and fraud.
Citations:
- https://www.iggsettlement.com
- https://www.trendmicro.com/vinfo/us/security/definition/data-breach
- https://www.metacompliance.com/blog/data-breaches/5-damaging-consequences-of-a-data-breach
- https://www.ekransystem.com/en/blog/data-breach-investigation-best-practices
- https://www.hipaajournal.com/illinois-gastroenterology-group-settles-2021-data-breach-lawsuit/
- https://usa.kaspersky.com/resource-center/definitions/data-breach
- https://hbr.org/2023/05/the-devastating-business-impacts-of-a-cyber-breach
- https://www.iggsettlement.com/faqs
- https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business
- https://www.cloudmask.com/blog/data-breaches-threats-and-consequences
- https://www.prnewswire.com/news-releases/illinois-gastroenterology-group-pllc-provides-notice-of-a-security-incident-301531255.html
- https://www.fortinet.com/resources/cyberglossary/data-breach
- https://www.nedigital.com/en/blog/data-breach-consequences
- https://healthitsecurity.com/news/illinois-gastroenterology-group-data-breach-impacts-228k
- https://www.csoonline.com/article/534628/the-biggest-data-breaches-of-the-21st-century.html
- https://bigid.com/blog/the-costly-impact-of-a-data-breach-on-individuals/
- https://www.mass.gov/doc/assigned-data-breach-number-26427-illinois-gastroenterology-group-pllc/download
- https://en.wikipedia.org/wiki/Data_breach
- https://www.fisglobal.com/en/insights/merchant-solutions-worldpay/article/how-the-consequences-of-a-data-breach-threaten-small-businesses
- https://topclassactions.com/lawsuit-settlements/closed-settlements/illinois-gastroenterology-group-data-breach-class-action-settlement/
- https://www.cloudflare.com/learning/security/what-is-a-data-breach/
- https://securityintelligence.com/articles/long-term-impacts-security-breach/
- https://www.classaction.org/news/illinois-gastroenterology-group-facing-class-action-in-wake-of-october-2021-data-breach
- https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/what-data-breach-and-what-do-we-have-do-case-data-breach_en
- https://www.theamegroup.com/security-breach/