Advocate Medical Group
has experienced a theft of four encrypted computers which may have exposed information of 4 million of their patients. A class action lawsuit has been filed against the group, stating that the data breach has put its victims at risk for identity theft and fraud, though no evidence shows that any patient has been subject to ID fraud. This suit alleges that Advocate's failure to safeguard and secure their data has put these individuals at risk. It is important to note that there is no evidence any patient has been subject to fraud and the class action lawsuit was filed based on victims being put at risk.
The organization has published statements, including this one on their website, that include deeply regretting inconvenience caused to the patients who entrusted them with their care.
Under Section 13402(e)(4) of the HITECH Act, breaches of unsecured protected health information affecting 500 or more individuals must be posted on what has become known as the “wall of shame." Advocate Medical Group will regretfully make the cut.
This post was written by Brenda Brigman, Executive Vice President of CBIZ Security & Advisory Services, LLC. Brenda is responsible for performing Payment Card Industry Data Security Standard compliance assessments (PCI-DSS), IT SOX testing, HIPAA, ISO, network security reviews and IT risk assessments including assessing and testing the level of IT security over infrastructure components and application integrated controls.
Visit www.cbiz.com/pci for more information regarding CBIZ Security & Advisory Services, LLC and contact Karen Cassella (email@example.com), Executive Vice President, CBIZ SAS at (901) 685-5575 or email the CBIZ SAS team at firstname.lastname@example.org.