Advocate Aurora Health Hit with Class Action Over Series of Data Breaches [DISMISSED]

New to ClassAction.org? Read our Newswire Disclaimer

Advocate Aurora Health, Inc. and Advocate Health and Hospitals Corporation face a proposed class action over a series of data breaches that reportedly compromised the personal and health information of more than 100,000 patients.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

According to the 32-page lawsuit, the breaches, which occurred in April, August and September 2020 and July 2021, likely exposed patients’ names, dates of birth, addresses, Social Security numbers, medical records, lab results, diagnoses, medications, health insurance information and dates of service. The case out of Illinois claims the defendants’ apparent history of data breaches stems directly from their failure to abide by best practices and industry standards with regard to cybersecurity.

“Defendants failed to comply with security standards and allowed their customers’ Private Information to be compromised by cutting corners on security measures that could have prevented or mitigated the Security Breach that occurred,” the complaint reads.

The lawsuit says Advocate Aurora Health and Advocate Health and Hospitals Corporation, who does business as Advocate Christ Medical Center in Oak Lawn, Illinois, were bound by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), not to mention industry standards, common law, and representations made to patients, to protect the private personal and health information with which they were entrusted. Nevertheless, the regional healthcare system, the case alleges, has failed to maintain adequate data security practices, monitor their systems for intrusions and properly train employees on policies and procedures to safeguard protected health information, among other measures that the suit contends could have prevented the breach.

Per the lawsuit, the defendants’ history of data breach issues includes the payment by a related entity, Advocate Health, of “one of the largest settlements of the year” in 2016 after a cybersecurity incident compromised the information of more than four million patients.

“Defendants are a major regional healthcare system, yet Defendants did not allocate adequate resources for cybersecurity protection of patient information,” the suit says.

The plaintiff is the estate of a former Advocate Christ Medical Center patient whose son received notice from the hospital in February or March 2021 that hackers had accessed his deceased mother’s information. Per the case, a “series of suspicious behavior,” including a fraudulent withdrawal from the plaintiff’s bank account, false charges to a Kohl’s store and on the son’s Amazon account, and medically related targeted advertising, has occurred as an alleged result of the breach.

The man asserts that the unauthorized exposure of his mother’s information has forced him to “extend his grieving process through the stress, nuisance, fear, and annoyance of safeguarding his and [his mother’s] personal information and fearing future harm.”

According to the case, the defendants, as of July 16, have yet to affirmatively notify patients affected by the breach as to what specific data that was stolen.

The plaintiff looks to represent anyone who had their private information submitted to the defendants or their affiliates and/or whose private information was compromised as a result of the data breaches discovered between 2020 and 2021. The case also proposes an alternative subclass of Illinois residents who fit the same criteria.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.