Medical group sued for theft of four computers containing 4 million patient files

The suit against Advocate Medical Group claims the company did not do enough to protect patient privacy following the breach. The personal information allegedly was maintained on insecure, non-encrypted computers.

iHealthBeat reports that the incident is the second biggest HIPAA breach ever reported. It affected patients who saw physicians as far back as the early 1990s.

The machines held patient names, addresses, birth dates, Social Security numbers and some insurance information, but not medical records. 

"Although we are unable to comment specifically on active litigation matters, we want to reassure our patients that we do not believe the data was targeted and we have no information that leads us to believe that the information has been misused," said Kelly Jo Golson, Advocate’s senior vice president of public affairs and marketing.

The health system began sending letters to affected patients on Aug. 23.

The victims include individuals who visited any of the group’s 1,000 doctors working at more than 200 locations throughout Illinois.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.