A recent court filing has brought to light a massive data breach at a prominent pediatric hospital, affecting hundreds of thousands of patients. On July 3, 2024, Nicole Demonte filed a class action complaint in the United States District Court for the Northern District of Illinois against Ann & Robert H. Lurie Children’s Hospital of Chicago.
The lawsuit, representing minors A.D., N.D., I.D., and N.S.D., alleges that Lurie Children’s failed to implement adequate data security measures, leading to a cyberattack in January 2024. This breach reportedly exposed the personal and medical information of approximately 800,000 patients. The compromised data includes names, addresses, dates of birth, Social Security numbers, and medical records. A criminal group named Rhysida claimed responsibility for the attack and allegedly sold the stolen data on the Dark Web for $3.4 million.
According to the complaint, Lurie Children’s delayed notifying affected individuals about the breach and provided insufficient details regarding its cause and preventive measures taken afterward. Plaintiffs argue that this delay exacerbated their risk of identity theft and fraud. They accuse Lurie Children’s of negligence and failure to comply with industry standards and federal laws such as HIPAA (Health Insurance Portability and Accountability Act). The plaintiffs seek damages for financial losses, emotional distress, and costs incurred from protective measures like credit monitoring.
The case is being handled by attorneys representing both parties before Judge [Judge's Name], under Case ID 1:24-cv-05638.