Christie Clinic Facing Class Action Over Summer 2021 Data Breach Affecting Half a Million Consumers
by Erin Shaak
Strode v. Christie Business Holdings Company, P.C.
Filed: April 12, 2022 ◆§ 2:22-cv-02081
A lawsuit claims Christie Clinic's failure to properly safeguard consumers’ personal and health information is to blame for a data breach last year.
Illinois
Christie Clinic faces a proposed class action that alleges the Illinois medical practice’s failure to properly safeguard consumers’ personal and health information is to blame for a data breach last year that reportedly affected more than 500,000 individuals.
The 39-page case claims that defendant Christie Business Holdings Company, P.C. disregarded consumers’ privacy rights by “intentionally, willfully, recklessly, and/or negligently” failing to take reasonable steps to secure their information from unauthorized access. Per the suit, consumers’ names, addresses, Social Security numbers, and medical and health information were exposed in the breach, which occurred from July 14 to August 19, 2021.
The lawsuit argues that those whose information was compromised in the incident now face “a lifetime risk of identity theft” and “various other forms of personal, social, and financial harm.”
According to the case, Christie Clinic confirmed in January 2022 that an unauthorized individual had gained access to information in its possession for a roughly five-week period the previous summer. The lawsuit says the breach was a result of the defendant’s failure to implement industry-standard cybersecurity measures, such as data encryption, to ensure that the information with which it was entrusted would remain protected from unauthorized access.
Despite learning of the breach in January, Christie Clinic waited another two months, until late March 2022, to begin notifying those whose data was compromised, the suit says.
Because of Christie Clinic’s “delayed response,” data breach victims “had no idea their [personally identifiable information] and [protected health information] had been compromised” and were unaware of the “significant risk” of identity theft and fraud that resulted from this exposure, the lawsuit contends.
Moreover, the suit says the defendant has also “purposefully” withheld from data breach victims details about the vulnerabilities that were exploited during the incident and the root cause of the breach.
According to the suit, the consequences of Christie Clinic’s alleged failure to safeguard consumers’ information are “long lasting and severe” given that the fraudulent use of the stolen data may continue for years. For this reason, the defendant’s offer of 12 months of identity and credit monitoring services through Experian is inadequate to protect data breach victims from future threats, the lawsuit contests.
The case looks to represent U.S. residents whose personally identifiable or protected health information was accessed or acquired during the data breach that is the subject of the notice sent by Christie Clinic around March 25, 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.