A group of Advocate Medical Group patients has filed a class-action lawsuit against the Illinois-based health system after the July theft of four unencrypted computers that contained personal information on four million individuals, the Chicago Tribune reports.
The lawsuit -- filed in Cook County Circuit Court -- alleges that Advocate violated privacy regulations by failing to use encryption and other security measures on the computers (Smith, Chicago Tribune, 9/5).
Details of Breach
On July 15, the four computers were stolen from an Advocate Medical Group administrative building in Park Ridge, Ill.
Kelly Jo Golson -- senior vice president and chief marketing officer at Advocate Health Care -- said the computers were password-protected but not encrypted.
The information contained on the computers included patients':
- Dates of birth;
- Names; and
- Social Security numbers.
In addition, the computers contained clinical information, such as:
- Health insurance data; and
- Medical diagnoses and record numbers.
Data from HHS indicate that Advocate's breach is the second biggest HIPAA breach ever reported (iHealthBeat, 8/26).
The breach affected patients who saw Advocate physicians from the early 1990s through July of this year.
Advocate's Response to Lawsuit
In response to the lawsuit, Advocate released a statement saying," [W]e do not believe the data [were] targeted and we have no information that leads us to believe that the information has been misused ... [t]hus, we feel confident the facts will demonstrate that the lawsuit is without merit" (Chicago Tribune, 9/5).