Super Lawyers
Illinois State Bar Association
Justia Lawyer Rating
Million Dollar Advocates Forum
Avvo Rating
BBB Accredited Business

Chicago Hospital Data Breach Lawyer

hospital-medical-record-data-breach-lawyerWas your personal data stolen from hackers or others who violated HIPAA regulations to protect your private medical data? Contact the experienced Chicago, Illinois personal injury attorneys at Rosenfeld Injury Lawyers, LLC today at (888) 424-5757 (toll-free phone call).

You may have legal rights to obtain financial compensation by filing a claim or participating in a class-action lawsuit. Our legal team charges no legal fees until we have successfully obtained compensation on your behalf through a negotiated settlement or jury trial award.

Medical privacy is a significant concern for most patients receiving care at the doctor’s office, hospital, or outpatient facility. Federal and state agencies have worked to protect patients’ medical data from theft in the organization and a privacy security breach through the computer system.

Years ago, Congress enacted the Health Insurance Portability and Accountability Act (HIPPA) that, with the Illinois Personal Information Protection Act, protects every individual’s confidential medical information that safeguards private contact info, social security numbers, birthdates, and medical information.

These rules clearly define how all care industry professionals can access, use, and disclose private and medical information.

Personal Information Stolen

In recent years, hackers have penetrated hospital computer servers containing patients’ private info. The breach invades data privacy, stealing names, addresses, social security numbers, email addresses, and a lifetime of medical records.

For over two decades, the federal government has moved toward a paperless system, where medical records are maintained digitally instead of hard copy paper records. All hospitals, doctors’ offices, outpatient centers, nursing homes, and rehabilitation facilities must follow best practices and ensure compliance with these new regulations.

While the advancing technology has improved the medical care system, it has exposed crucial problems when hackers can commit fraud and steal millions of records. Tapping into the company computer servers provides a treasure trove of patients’ names, birthdates, social security numbers, laboratory test results, medical treatments, surgeries, and hospital records.

Data Security Compromised

In 2013, a breach at the Park Ridge, Illinois Advocate Medical Group administration building resulted in the theft of four computers containing patient info.

In late 2020, OSF Healthcare System released a statement involving a computer data security breach impacting over ten million patients at various Illinois and Michigan facilities. The breach likely affected the organization’s medical group, nursing facilities, and hospital system that share info with fourteen hospitals.

Reports indicate that the breach occurred from the beginning of February until May 20, 2020, exposing patient info, involving names, addresses, phone numbers, email addresses, dates of birth, treating physicians and facilities, service departments, medical record numbers, and room numbers.

A similar cybercrime occurred in September 2020 involving Northshore Health Systems, affecting nearly 350,000 individuals whose info was stolen from care providers. The hospital system notified patients confirming that these hackers did not access patient social security numbers.

Federal Government Data Breach Enforcement Action

In 2017, the United States HHS (Department of Health and Human Services) announced an enforcement action involving HIPPA (Health Insurance Portability and Accountability Act) violation by not notifying authorities that protected private info had been breached.

The HIPAA Breach Notification Rule (45 CFR §§ 164.400-414) required immediate notification of any fraud or cyberattack that compromises protected private consumer info.

The announcement involved Presence Health Network, a Chicago, IL-based care system operating over 150 locations, with twenty-seven long-term nursing centers, senior living facilities, and eleven hospitals.

Hospital officials agreed to a $475,000 fine to resolve potential HIPPA violations. While the breach occurred in the fall of 2013, Presence Health Network failed to report the infringement on data privacy to federal authorities until the end of January 2014.

Records show that the breach occurred in Joliet, Illinois, at the Presence St. Joseph Medical Center – Surgery Center. The info stolen contained patients’ names, medical record numbers, birthdates, procedure dates, surgeon names, procedure types, and anesthesia procedures.

Data Privacy and the Illinois Personal Information Protection Act

The state legislature passed the far-reaching Illinois Personal Information Protection Act (PIPA) in mid-2005, taking effect on January 1, 2006. At that time, the state was only second in the country responding to data breaches involving hackers and others robbing individuals and companies of private data. (815 ILCS 530/)

The law protects private paper copy and computer systems data that hold info, including an individual’s:

  • First/Last Name and middle initial
  • State identification number/driver’s license number
  • Medical insurance info
  • Debit and credit card numbers
  • Any biometric data that are unique to the individual, including a fingerprint, iris image, retina scan, or another exclusive physical or digital representation

Am I the Victim of a Data Breach? Was My Information Stolen?

Data breaches have occurred nationwide, including in the upper Midwest in Illinois, Wisconsin, Missouri, Michigan, Ohio, Indiana, and Pennsylvania. Many of these cases are still under investigation by federal and state authorities.

Some cases are now part of class-action lawsuits filed by patients robbed of their private info given or sold to a third-party.

Do you suspect that you are part of a hospital data breach and someone, company, or business stole your private data from the hospital computer system? You likely have the right to file a civil lawsuit and file a claim for damages.

You may be experiencing stress caused by the invasion of your private info and the need to clear your name caused by the infringement of your right to data privacy and security. Your credit card info may be available online for purchase or used by unauthorized individuals/businesses.

If you believe that your data privacy was compromised, you have legal rights. Contact our law office today to minimize your risk of further damage.

Hospital Data Breach FAQs

Our Chicago, IL personal injury attorneys understand that you likely have many unanswered questions concerning a private info breach where your records were stolen. Call us today at (888) 424-5757 for information on any questions not answered below.

Can You sue a Hospital for Data Breach?

An organization’s negligence involving a lapse in required cybersecurity could lead to a hospital information privacy breach where hackers steal guarded data and private medical records. Victims of a privacy information breach might be able to file a liability lawsuit against the provider or hospital network responsible for protecting and securing consumer info.

Can You sue Someone for Disclosing Medical Information?

Hospitals, nursing homes, doctors’ offices, health care providers, doctors, nurses, and technicians, gather private medical records to provide care to their patients. The private data must be held securely to remain confidential and accessed and used following HIPPA regulations.

According to regulations, disclosure of a patient’s private information, including their condition, prognosis, treatment, medications, or care without proper authority, is a violation. While the federal government and state may press charges and levy fines, the victim has only civil remedies, including filing a claim or lawsuit for financial compensation to recover their damages.

What Kind of Attorney Handles HIPAA Violations?

Typically, law firms represent victims of HIPAA violations to hold the doctor, nurse, nursing facility, pharmacy, hospital, or health home agency liable through civil litigation.

Many of these cases are built on negligence, involving:

  • Lack of employee training
  • Unsecured or unencrypted patient records
  • Improperly disposal of electronically protected health info (ePHI)
  • Informational storage devices, including computers and servers that were lost or stolen
  • HIPAA violation consequences were Medicare/Medicaid officials have levied fines for severe penalties after an investigation

What is the Most Common Breach of Confidentiality?

Hospitals, nursing homes, health care providers, doctors’ offices, doctors, nurses, and other providers can breach a patient’s confidentiality by violating HIPAA regulations and breaking confidentiality laws.

Hackers worldwide continued to break into corporate database systems, compromising privacy and data security laws. Alternatively, breaching confidentiality usually involves two categories: unsecured access to electronic personal records and employee errors.

What is not Protected Health Information?

HIPPA (Health Insurance Portability and Accountability Act) provides guidelines and policies and protects and regulates all personally identifiable health info (PHI – Protect the Health Information). Health care professionals, insurance companies, and others are responsible for following best practices and protecting the private health info they collect.

These entities include:

  • Healthcare clearinghouse industries
  • Hospitals, clinics, and outpatient centers
  • Dental and doctor offices
  • Psychology and psychiatry clinics
  • HMOs and health plans
  • Insurance industry
  • Vendors, subcontractors, and associate businesses providing related services requiring access to protected health info

The information that is not part of Personal Health Information includes employment records without a direct link to hospital records. Additionally, all personally identifiable information not associated with health data is also not considered Protected Health Information, like a blood sugar level reading or heart rate reading not connected to protected records.

What Happens if Your HIPAA Rights are Violated?

All hospitals, medical professionals, insurance companies, vendors, and subcontractors with access to private protected health info can be subjected to criminal prosecution, fines, and imprisonment for violating HIPAA regulations. Typically, federal and state regulators will investigate formal complaints or conduct on-site surveys to identify any HIPAA violation, abuse, neglect, or mistreatment.

Any provider sharing private protected information without the patient’s permission has violated privacy laws. However, another's law violation does not give the victim the right to file a civil lawsuit or ask for compensation.

Request a Free Consultation to Discuss Your Compromised Personal Health Information to Receive Compensation

Did a hospital, doctor’s office, or other caregiving professional notify you that your private health data was compromised? Do you know if that information was sold, used, or given to others without your permission or written consent?

You are likely entitled to file a liability claim against the organization or individual responsible for the data breach due to their negligence and safely securing your private data. Contact us today at (888) 424-5757 or fill out the contact form to discuss a potential litigation case.

Our Chicago legal team will provide counsel and investigate the data breach to determine the value of your claim. Our lawyers never charge our clients an upfront fee. Every client pays for our litigation and negotiation services after we have secured a financial compensation settlement or jury trial award.

Our law office has years of experience in dealing with all civil law issues in practice areas that include providing counsel and litigation services involving malpractice, info theft, car accidents, construction injuries, product liability, harmful drugs, premises liability, and wrongful death cases


Client Reviews
Jonathan Rosenfeld was professionally objective, timely, and knowledgeable. Also, his advice was extremely effective regarding my case. In addition, Jonathan was understanding and patient pertaining to any of my questions or concerns. I was very happy with the end result and I highly recommend Jonathan Rosenfeld. Michonne Proulx
Extremely impressed with this law firm. They took control of a bad motorcycle crash that left my uncle seriously injured. Without any guarantee of a financial recovery, they went out and hired accident investigators and engineers to help prove how the accident happened. I am grateful that they worked on a contingency fee basis as there was no way we could have paid for these services on our own. Ethan Armstrong
This lawyer really helped me get compensation for my motorcycle accident case. I know there is no way that I could have gotten anywhere near the amount that Mr. Rosenfeld was able to get to settle my case. Thank you. Daniel Kaim
Jonathan helped my family heal and get compensation after our child was suffered a life threatening injury at daycare. He was sympathetic and in constant contact with us letting us know all he knew every step of the way. We were so blessed to find Jonathan! Giulia
Jonathan did a great job helping my family navigate through a lengthy lawsuit involving my grandmother's death in a nursing home. Through every step of the case, Jonathan kept my family informed of the progression of the case. Although our case eventually settled at a mediation, I really was impressed at how well prepared Jonathan was to take the case to trial. Lisa