A class action lawsuit settlement has been reached with Gurnee-based Illinois Gastroenterology Group after over 200,000 patients had their private data exposed in a security breach.
Illinois Gastroenterology Group (IGG) in April 2022 announced that they discovered unusual activity within their computer network on October 22, 2021.
IGG has offices in Gurnee, Highland Park, Lake in the Hills, Libertyville, Lindenhurst, Lake Bluff and more throughout the Chicago suburbs.
The company said they immediately launched an investigation with the assistance of third-party cybersecurity specialists to determine the nature and scope of the event.
In mid-November 2021, the investigation determined that an “unauthorized actor” gained access to certain company systems, IGG said.
Information contained in those systems may have been viewed or taken by the unauthorized actor, IGG added.
In March 2022, the company said they determined the following personal information was exposed: name, address, date of birth, Social Security number, driver’s license, passport, financial account information, payment card information, employer-assigned identification number, medical information and biometric data.
“IGG takes this incident and the security of personal information in its care seriously. IGG moved quickly to investigate and respond to this incident, assess the security of its systems, and notify potentially affected individuals. In response to this incident, IGG augmented its policies and procedures addressing network security,” the company said in its public statement last year.
“IGG accelerated the implementation of an enhanced managed Security Operations Center including the deployment of an endpoint detection and response platform in response to this event with policies enabled specially for ransomware. IGG immediately reset passwords and employees with privileged access to sensitive systems were enrolled into our multifactor authentication platform,” the statement added.
Several lawsuits were filed in Lake County Circuit Court against the company relating to the data breach.
IGG has since reached a settlement in the lawsuits. Almost 228,000 people who may have had their information comprised in the breach will be able to submit a settlement claim.
Patients who had their Social Security numbers exposed are eligible for a cash payment of $150.
Patients who had other personal information exposed besides their Social Security number are eligible to receive $50.
People who experienced ordinary losses or lost time for time spent responding to issues as a result of the breach are eligible for additional monetary reimbursement.