Predict your next investment

DuPage Medical Group company logo
HEALTHCARE | Medical Facilities & Services / Specialized Healthcare Services
dupagemedicalgroup.com

See what CB Insights has to offer

Founded Year

1999

Stage

Unattributed | Alive

Total Raised

$263.08M

Last Raised

$13.08M | 3 yrs ago

Revenue

$0000 

About DuPage Medical Group

DuPage Medical Group (DMG) is a multi-specialty physician group in the Chicago area, providing physician-directed health care focused on quality, efficiency and access.

DuPage Medical Group Headquarter Location

1100 West 31st Street Suite 300

Downers Grove, Illinois, 60515,

United States

630-469-9200

Latest DuPage Medical Group News

Proposed Class-action Lawsuit Alleges Health System Failed to Heed Ransomware Warnings

Sep 17, 2021

Proposed Class Action Suit Filed After Breach Affecting 1.4 Million Marianne Kolbasuk McGee ( HealthInfoSec ) • September 15, 2021     A lawsuit against St. Joseph's/Candler alleges the health system failed to heed federal warnings of ransomware threats. A proposed class action lawsuit filed this week against St. Joseph's/Candler Health System in the wake of a recent ransomware breach affecting 1.4 million individuals alleges that the Georgia-based healthcare entity was "reckless" and "negligent" in safeguarding patients' information. The lawsuit , filed against St Joseph's/Candler on Tuesday in a federal Georgia court by patient Heather Betz on behalf of herself and others similarly situated, alleges, among other claims, that the entity failed to act on warnings by federal authorities and cybersecurity experts of the ransomware threats facing the sector. The lawsuit seeks damages and five years of credit and identity monitoring, as well as improvements to the healthcare system's data security. Savannah, Georgia-based St. Joseph’s/Candler is a 714-bed healthcare system that includes two hospitals and several other facilities. Advance Warnings The lawsuit notes that through 2020 and into early 2021, various federal agencies, including the Department of Health and Human Services, the Cybersecurity and Infrastructure Security Agency and the FBI had issued a number of alerts for hospitals and other healthcare sector entities warning of ransomware attacks, including those involving the Maze and Conti ransomware groups (see: U.S. Hospitals Warned of Fresh Wave of Ransomware Attacks ). "Despite repeated, explicit, detailed warnings as to the manner in which hackers were targeting hospitals' IT systems and how to prevent such attacks, the defendant maintained an IT system vulnerable to attacks from those very same cybercriminals," the complaint alleges. It says the data breach was the direct result of St. Joseph's/Candler's failure to implement security protocols that were adequate and reasonable. Additionally, despite concrete and specific instructions from federal agencies and cybersecurity experts, St. Joseph's/Candler failed to implement reasonable and necessary measures to monitor its IT and data systems to detect cybercriminals' intrusion into its network, the lawsuit alleges. Breach Details St. Joseph's/Candler's security incident notification statement notes that the entity on June 17 identified suspicious activity in its IT network. The healthcare provider says it "immediately" took steps to isolate and secure its systems, notify law enforcement authorities and launch an investigation with the assistance of cybersecurity firms. St Joseph's/Candler says its investigation determined that the incident resulted in an unauthorized party gaining access to the organization's IT network between Dec. 18, 2020, and June 17, 2021. "While in our IT network, the unauthorized party launched a ransomware attack that made files on our systems inaccessible," the entity said in its statement. Potentially compromised files contained patient names, addresses, dates of birth, Social Security numbers, driver’s license numbers, patient account numbers, billing account numbers, financial information, health insurance plan member IDs, medical record numbers, dates of service, provider names and treatment information, the statement says. 'Coup de Grâce' Attack From the time the unauthorized access to St. Joseph's/Candler's IT network began in December 2020, cybercriminals were allowed months "to roam freely and undetected" in the entity's network, putting individuals' personally identifiable information and protected health information at risk for identity theft , fraud and other cybercrimes, the lawsuit alleges. The suspicious activity detected on June 17 was the "coup de grâce" - or death blow - of the hackers' six-month attack, the complaint alleges. "They were holding the hospital system's IT systems hostage, demanding an as-yet-unknown payment in order to release their hold on the system." Slow Recovery The lawsuit alleges that all of St. Joseph's/Candler's IT systems went down at 4 a.m. on June 17, including its electronic medical records and VoIP phones. It took more than two weeks for St. Joseph's/Candler "to slowly come back online," the lawsuit alleges. The complaint alleges negligence, breach of contract, breach of fiduciary duty and violations of Georgia laws, including its unfair business practice laws, among other claims. St. Joseph's/Candler did not immediately respond to an Information Security Media Group request for comment on the lawsuit and its allegations. Other Incidents As of Wednesday, the St. Joseph's/Candler incident was the sixth-largest HIPAA breach posted in 2021 on the Department of Health and Human Services' HIPAA Breach Reporting Tool website listing health data breaches affecting 500 or more individuals (see: Health Data Breach Tally Update: Ransomware Persists ). St. Joseph's/Candler is among the latest healthcare entities to face proposed class action lawsuits in the wake of large health data breaches in 2021. For instance, on Sept. 1, a lawsuit was filed against DuPage Medical Group following a July "network outage" resulting in the suburban Chicago medical practice reporting a health data breach to HHS affecting more than 655,000 individuals (see: Lawsuit Alleges Security Failures at Clinic ). DuPage Medical Group has not publicly confirmed whether its network outage also involved ransomware. But like the lawsuit against St. Joseph's/Candler, the legal action against DuPage Medical Group alleges a variety of security failures by the medical practice.

Predict your next investment

The CB Insights tech market intelligence platform analyzes millions of data points on venture capital, startups, patents , partnerships and news mentions to help you see tomorrow's opportunities, today.

DuPage Medical Group Patents

DuPage Medical Group has filed 1 patent.

patents chart

Application Date

Grant Date

Title

Related Topics

Status

3/13/2013

Health informatics, Electronic health records, Medical terminology, Healthcare occupations, Telehealth

Application

Application Date

3/13/2013

Grant Date

Title

Related Topics

Health informatics, Electronic health records, Medical terminology, Healthcare occupations, Telehealth

Status

Application

DuPage Medical Group Web Traffic

Rank
Page Views per User (PVPU)
Page Views per Million (PVPM)
Reach per Million (RPM)
CBI Logo

DuPage Medical Group Rank

CB Insights uses Cookies

CBI websites generally use certain cookies to enable better interactions with our sites and services. Use of these cookies, which may be stored on your device, permits us to improve and customize your experience. You can read more about your cookie choices at our privacy policy here. By continuing to use this site you are consenting to these choices.