Illinois Appellate Court Rules Advocate Data Breach Case to Proceed
Clifford Law Offices Provides Free CLE Program Clifford Law Offices is hosting its annual Continuing Legal Education Program on Thursday, February 20, 2025, at 2:30 p.m. CST. Register now.
Free Consultation (312) 899-9090
Select Language

    Illinois Appellate Court Rules Advocate Data Breach Case to Proceed

    Contact Us
    Posted on January 28, 2019 To

    An Illinois appellate court recently ruled that a class action can move forward against Advocate Health and Hospitals Corp., for the theft of millions of patients’ private information including medical issues and social security numbers.

    Clifford Law Offices is serving as co-lead counsel in the matter against the major health care provider that stored unencrypted data containing the full names, addresses, birth dates, social security numbers, medical histories, medical diagnoses and health insurance information stored on computers in an office that was burglarized.

    Four desktop computers containing this private and sensitive information of four million people was stolen from Advocate’s Park Ridge office in July, 2013.

    The appellate court held on Dec. 24, 2018, that the consolidated complaints indeed stated a cause of action founded on an implied contract theory as a result of the identity theft. It reversed, in part, the trial court.

    Plaintiffs alleged that Advocate had a duty to protect its patients’ private information as it had promised them through agreements that patients had expected and paid for.

    “By accepting Advocate’s privacy policy in exchange for providing their sensitive information, plaintiffs accepted Advocate implicit and inescapable representation that Advocate would do something to protect that information,” the court wrote (emphasis in original). “It can be implied from the parties’ relationship that Advocate would take some steps to ensure that plaintiffs’ sensitive information would be shielded in some manner to prevent unauthorized disclosure of that information. In other words, plaintiffs’ allege that there was a meeting of the minds that plaintiffs’ sensitive information was sensitive and would be kept safe. The facts and circumstances surrounding the exchange of plaintiffs’ sensitive information could give rise to a contract implied in fact that Advocate would take some measures to ensure that plaintiffs’ sensitive information would not be disclosed to unauthorized third parties.”

    The appellate court of three justices also found that plaintiffs may be entitled to damages for unjust enrichment, something that will be left to discovery and proof at trial.

    “We intend to move full steam ahead on this matter on behalf of the millions of patients who suffered loss of their sensitive information through no fault off their own,” said Shannon M. McNulty, partner at Clifford Law Offices and head of the firm’s class action/mass tort practice area. “These cases are very complicated and take time, and we appreciate the patience of those who have been waiting for an answer regarding Advocate’s actions in relation to the stolen unencrypted data.”

    Case name: Lozada and Krasick, et. al., v. Advocate Health & Hospitals Corp.
    File No. 1-18-0320
    Decided: Dec. 24, 2018