The operator of a group of Chicago area fertility clinics has been hit with a class action lawsuit, accusing the Fertility Clinics of Illinois of failing to prevent, and then allegedly failing for months to notify patients of a data breach that allegedly allowed hackers to obtain personal health and identifying information for tens of thousands of patients.
On Jan. 28, attorneys with the firms of Branstetter Stranch & Jennings, of Nashville, Tennessee, and Cooney and Conway, of Chicago, filed a complaint in Cook County Circuit Court against FCI. The attorneys are representing named plaintiff Kristen Monegato, and a class of potentially more than 80,000 other plaintiffs.
According to the complaint, Monegato and the nearly 80,000 others were patients at FCI, undergoing invitro fertilization and other treatments. To be patients, according to the complaint, Monegato and others needed to provide FCI with a trove of personal information, including Social Security numbers, bank account numbers and credit and debit card numbers, as well as medical records and other personal health information.
According to its website, FCI operates clinic locations in Chicago and the suburban communities of Buffalo Grove, Glenview, Highland Park, Hinsdale, Hoffman Estates, Tinley Park and Warrenville.
According to the complaint, cybercriminals allegedly used an administrative account to access FCI’s databases in early February 2021, obtaining a “vast trove” of patient information.
According to the complaint, FCI, however, did not inform patients of the breach for months, as it then conducted an internal investigation into the manner and extent of the hack.
The complaint asserts FCI also did not disclose the breach to federal authorities until December 2021.
Then, the complaint claims FCI allegedly misled patients concerning the true extent of the breach, allegedly falsely claiming the hackers had not access patient medical records.
In the complaint, the plaintiffs assert the data breach and the alleged resulting failure to promptly report the breach has exposed Monegato and the nearly 80,000 other potentially affected patients to a high risk of identity theft, among other problems, as the valuable stolen information may continue to change hands online and on the “dark web.”
The complaint asserts this could leave the plaintiffs on the hook for potentially thousands of dollars in costs to control damage from such potential identity theft and other related problems stemming from the data breach.
The complaint accuses FCI of negligence, unjust enrichment, breach of contract and violation of the Illinois Personal Information Protection Act.
The plaintiffs are seeking unspecified damages, including punitive damages, against FCI.
They are represented by attorneys J. Gerard Stranch and Peter J. Jannace, of the Branstetter firm, and Kevin Conway, of Cooney & Conway.