Christie Clinic Facing Class Action Over Summer 2021 Data Breach Affecting Half a Million Consumers

New to ClassAction.org? Read our Newswire Disclaimer

Christie Clinic faces a proposed class action that alleges the Illinois medical practice’s failure to properly safeguard consumers’ personal and health information is to blame for a data breach last year that reportedly affected more than 500,000 individuals.

The 39-page case claims that defendant Christie Business Holdings Company, P.C. disregarded consumers’ privacy rights by “intentionally, willfully, recklessly, and/or negligently” failing to take reasonable steps to secure their information from unauthorized access. Per the suit, consumers’ names, addresses, Social Security numbers, and medical and health information were exposed in the breach, which occurred from July 14 to August 19, 2021.

The lawsuit argues that those whose information was compromised in the incident now face “a lifetime risk of identity theft” and “various other forms of personal, social, and financial harm.”

According to the case, Christie Clinic confirmed in January 2022 that an unauthorized individual had gained access to information in its possession for a roughly five-week period the previous summer. The lawsuit says the breach was a result of the defendant’s failure to implement industry-standard cybersecurity measures, such as data encryption, to ensure that the information with which it was entrusted would remain protected from unauthorized access.

Despite learning of the breach in January, Christie Clinic waited another two months, until late March 2022, to begin notifying those whose data was compromised, the suit says.

Because of Christie Clinic’s “delayed response,” data breach victims “had no idea their [personally identifiable information] and [protected health information] had been compromised” and were unaware of the “significant risk” of identity theft and fraud that resulted from this exposure, the lawsuit contends.

Moreover, the suit says the defendant has also “purposefully” withheld from data breach victims details about the vulnerabilities that were exploited during the incident and the root cause of the breach.

According to the suit, the consequences of Christie Clinic’s alleged failure to safeguard consumers’ information are “long lasting and severe” given that the fraudulent use of the stolen data may continue for years. For this reason, the defendant’s offer of 12 months of identity and credit monitoring services through Experian is inadequate to protect data breach victims from future threats, the lawsuit contests.

The case looks to represent U.S. residents whose personally identifiable or protected health information was accessed or acquired during the data breach that is the subject of the notice sent by Christie Clinic around March 25, 2022.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.