Posted On April 26, 2022 Consumer Privacy & Data Breaches
April 26,2022 – Recently, Illinois Gastroenterology Group, PLLC (“IGG”) announced a data breach after an unauthorized party gained access to the organization’s IT system. As a result of the breach, certain individuals’ personal data and protected health information were exposed, including their names, Social Security numbers, financial account information and biometric data. On April 22, 2022, Illinois Gastroenterology Group provided official notice of the breach to consumers on its website as well as through data breach letters.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Illinois Gastroenterology Group data breach. Our law firm is investigating the IGG data breach and is currently seeking to interview as many victims of the breach as possible to determine how they were impacted and what legal options may be available to them. If you would be willing to participate in the investigation and would like to have a free consultation and case evaluation, please contact us as soon as possible.
In 2021, there were 1,862 data breaches affecting more than 189,000,000 individuals. Victims of identity theft spend, on average, 200 hours and more than $1,300 recovering their identity. Many of these victims also suffer credit damage, emotional distress, and may even end up with a criminal record. Taking immediate action is the best way to prevent the worst consequences of a data breach.
According to an official filing by the organization, on October 22, 2021, IGG first detected unusual activity on its computer network. In response, IGG launched an internal investigation to learn more about the nature and scope of the incident, as well as whether any consumer data was leaked as a result.
On November 18, 2021, the organization confirmed that an unauthorized party had gained access to its IT network and that certain information on its network may have been viewed and potentially removed.
Upon learning of the extent of the security breach, Illinois Gastroenterology Group then reviewed the affected files to determine what information was compromised. IGG completed its review of the files on March 22, 2021. While the compromised information varies based on the individual, it may include your name, address, date of birth, Social Security number, driver’s license number, Passport number, financial account information, payment card information, employer-assigned identification number, medical information, and biometric data.
On April 22, 2022, Illinois Gastroenterology Group began sending out data breach notification letters to all individuals whose information was compromised as a result of the recent data security incident.
Illinois Gastroenterology Group is a regional medical healthcare practice made up of board-certified private practice gastroenterologists and related professionals. IGG was founded in 2010, when Elgin Gastroenterology, Lake Shore Gastroenterology, and Northwest Gastroenterologists merged. Since then, the Midwest Center for Digestive Health, Gastrointestinal Health Associates of Geneva, and North Shore Gastroenterology joined the organization. Illinois Gastroenterology Group has 40 gastroenterologists that practice across 32 clinics across Illinois. IGG is based in Oak Lawn, Illinois, and the organization employs more than 200 people. Illinois Gastroenterology Group generates approximately $37 million in annual revenue.
When you allowed IGG access to your personal data, you trusted the company to keep your sensitive information safe. However, news of the IGG data breach raises some very serious questions about the company’s data security measures and whether the company could have done more to prevent this type of cyber-attack.
Regardless of the industry, all businesses have a legal obligation to protect consumer information in their possession. Although creating and maintaining a data security system is costly, this is a necessary expense given the frequency with which cyberattacks occur.
Consumers whose personal, identifying, financial or healthcare-related data was compromised in a data breach can pursue legal action against a company that misused or mishandled their information. However, the investigation into the Illinois Gastroenterology Group breach is only in its beginning phases. For that reason, it is too early to tell if IGG was legally responsible for the breach. However, our data breach attorneys are investigating the Illinois Gastroenterology Group security breach to determine the potential legal remedies of those affected.
If you have questions about your ability to pursue a data breach class action lawsuit against IGG, contact a data breach attorney as soon as possible.
If you receive a data breach notification from IGG in the coming weeks, it means your personal data was compromised in the recent cyberattack. It also means a cybercriminal may have had access to—and may have stolen—your personal data. Given the risks involved, it is important you remain vigilant by taking the following steps:
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the IGG data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by Illinois Gastroenterology Group, PLLC:
Illinois Gastroenterology Group, PLLC (“IGG”) is providing notice of a recent incident that may affect the security of certain individuals’ information.
What Happened? On October 22, 2021, IGG discovered unusual activity within its computer network. IGG immediately launched an investigation, with the assistance of third-party cybersecurity specialists, to determine the nature and scope of the event. On November 18, 2021, the investigation determined that an unauthorized actor gained access to certain IGG systems and that information contained in those systems may have been viewed or taken by the unauthorized actor.
Although there is no indication that identity theft or fraud occurred as a result of this incident, IGG has not been able to rule out the possibility that some individuals’ information was or may have been viewed or taken. Therefore, in an abundance of caution, IGG reviewed the information contained within the systems to identify if any individuals’ personal information or protected health information was potentially impacted. On March 22, 2022, the review determined that certain information related to individuals was or may have been impacted.
What Information was Involved? The following types of information that IGG maintains in its systems and that were, or may have been, impacted by this incident include: name, address, date of birth, Social Security number, driver’s license, Passport, financial account information, payment card information, employer-assigned identification number, medical information, and biometric data. To date, IGG has not received any reports of fraudulent misuse of any information potentially impacted.
What is IGG Doing? IGG takes this incident and the security of personal information in its care seriously. IGG moved quickly to investigate and respond to this incident, assess the security of its systems, and notify potentially affected individuals. In response to this incident, IGG augmented its policies and procedures addressing network security. IGG accelerated the implementation of an enhanced managed Security Operations Center including the deployment of an endpoint detection and response platform in response to this event with policies enabled specially for ransomware. IGG immediately reset passwords and employees with privileged access to sensitive systems were enrolled into our multifactor authentication platform. IGG is also notifying potentially affected individuals so that they may take further steps to protect their information, should they feel it is appropriate to do so.
What Can Impacted Individuals Do? IGG established a dedicated assistance line for individuals seeking information regarding this incident. Individuals seeking additional information may call the toll-free assistance line at 1-833-559-1331. This toll-free number is available Monday through Friday from 9:00 a.m. to 9:00 p.m. Eastern Time, excluding major U.S. holidays. Individuals may also write to IGG at Illinois Gastroenterology Group, PLLC, Attention: Chief Operating Officer, P.O. Box 7630, Gurnee, IL 60031.
Potentially affected individuals may also consider the information and resources outlined below. IGG encourages potentially impacted individuals to remain vigilant against identity theft and fraud by reviewing their account statements, credit reports, and explanation of benefits forms for suspicious activity and to report any suspicious activity promptly to their bank, financial institution, insurance company, health care provider, law enforcement, or their state Attorney General.
Steps You Can Take To Protect Your Personal Information
Under U.S. law, a consumer is entitled to one free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also directly contact the three major credit reporting bureaus listed below to request a free copy of their credit report.
Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. An initial fraud alert is a one-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If an individual is the victim of identity theft, they are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should they wish to place a fraud alert, they may contact any one of the three major credit reporting bureaus listed below.
As an alternative to a fraud alert, consumers have the right to place a “credit freeze” on a credit report, which will prohibit a credit bureau from releasing information in the credit report without the consumer’s express authorization. The credit freeze is designed to prevent credit, loans, and services from being approved in an individual’s name without their consent. However, individuals should be aware that using a credit freeze to take control over who gets access to the personal and financial information in their credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application they make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, an individual cannot be charged to place or lift a credit freeze on their credit report. To request a credit freeze, individuals will need to provide the following information:
Should individuals wish to place a credit freeze, they may contact the three major credit reporting bureaus listed below:
Equifax Fraud Alert, P.O. Box 105069 Atlanta, GA 30348-5069
Equifax Credit Freeze, P.O. Box 105788 Atlanta, GA 30348-5788
Experian Fraud Alert, P.O. Box 9554, Allen, TX 75013
Experian Credit Freeze, P.O. Box 9554, Allen, TX 75013
TransUnion Fraud Alert, P.O. Box 2000, Chester, PA 19016
TransUnion Credit Freeze, P.O. Box 160, Woodlyn, PA 19094
Individuals may further educate themselves regarding identity theft, fraud alerts, credit freezes, and the steps they can take to protect their personal information by contacting the consumer reporting bureaus, the Federal Trade Commission, or their state Attorney General.
The Federal Trade Commission may be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with it. Individuals can obtain further information on how to file such a complaint by way of the contact information listed above. Individuals have the right to file a police report if they ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, individuals will likely need to provide some proof that they have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and their state Attorney General. This notice has not been delayed by law enforcement.