Patients File Suit Against Advocate Medical Group for Data Breach


A group of Advocate Medical Group patients has filed a class-action lawsuit against the Illinois-based health system after the July theft of four unencrypted computers that contained personal information on four million individuals, the Chicago Tribune reports.

The lawsuit -- filed in Cook County Circuit Court -- alleges that Advocate violated privacy regulations by failing to use encryption and other security measures on the computers (Smith, Chicago Tribune, 9/5).

Details of Breach

On July 15, the four computers were stolen from an Advocate Medical Group administrative building in Park Ridge, Ill.

Kelly Jo Golson -- senior vice president and chief marketing officer at Advocate Health Care -- said the computers were password-protected but not encrypted.

The information contained on the computers included patients':

  • Addresses;
  • Dates of birth;
  • Names; and
  • Social Security numbers.

In addition, the computers contained clinical information, such as:

  • Health insurance data; and
  • Medical diagnoses and record numbers.

Data from HHS indicate that Advocate's breach is the second biggest HIPAA breach ever reported (iHealthBeat, 8/26).

The breach affected patients who saw Advocate physicians from the early 1990s through July of this year.

Advocate's Response to Lawsuit

In response to the lawsuit, Advocate released a statement saying," [W]e do not believe the data [were] targeted and we have no information that leads us to believe that the information has been misused ... [t]hus, we feel confident the facts will demonstrate that the lawsuit is without merit" (Chicago Tribune, 9/5).

to share your thoughts on this article.