http://www.chicagotribune.com/news/local/breaking/chi-advocate-medical-group-didnt-adequately-secure-data-classaction-suit-says-20130905,0,7744379.story
By Mitch Smith
Tribune reporter
September 5, 2013
Advocate Medical Group, already under federal and state investigation after the
theft of computers containing personal information on millions of people, is
now facing a class-action lawsuit from patients who say the Downers Grove-based
physician group didn’t do enough to protect their private data.
The suit, filed in Cook County Circuit Court, says the health care nonprofit
violated privacy regulations by failing to use encryption and other security
measures on the four computers that were stolen from its Park Ridge offices in
July. The computers contained information on more than 4 million patients.
Names, addresses, dates of birth and Social Security numbers are risk on the
computers, which were password-protected but not encrypted, Advocate said.
While full medical records were not on the computers, medical data for some
patients also is at risk, including diagnoses, medical record numbers, medical
service codes and health insurance information.
The breach, revealed last month, affects patients seen by Advocate Medical
Group physicians from the early 1990s through July. It’s the second-largest
loss of unsecured protected health information reported to the Department of
Health and Human Services since it implemented a mandatory notification rule in
2009.
In a statement, Advocate took issue with the lawsuit but said “we deeply regret
any inconvenience” the breach caused.
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
