DOWNERS GROVE, IL — A class action lawsuit has been filed against DuPage Medical Group (DMG) just days after the health care system announced a data breach that may have exposed names, addresses, birthdates and medical information of 600,000 patients.

Some patients may also have had their social security numbers compromised in the security breach.

The lawsuit was filed Sept. 1 by Keller Lenkner LLC on behalf of patients Rochelle Hestrup and Erin Peiss. The complaint alleges that plaintiffs and class members "suffered ascertainable losses from the loss of the value in their private and confidential information, loss of the benefit of their contractual bargain, out-of-pocket expenses and the value of their time reasonably incurred to remedy or mitigate the effects of the attack."

Find out what's happening in Wheaton with free, real-time updates from Patch.

The lawsuit further contends that the data breach occurred because DuPage Medical Group neglected to sufficiently safeguard patient information and failed to provide "timely and adequate notification of precisely what information was accessed and stolen."

Related: Data Breach May Have Exposed Patient Information: DuPage Medical

Find out what's happening in Wheaton with free, real-time updates from Patch.

After experiencing a network outage that began around July 12 and lasted several days, DuPage Medical Group discovered the outage had been caused by "unauthorized actors" who were able to access the network. On Aug. 17, DMG was made aware that patient information may have been compromised during the incident. DMG announced the data breach publicly Monday.

"DMG remains committed to delivering exceptional care for our patients. Our physicians and team members will continue to put patient care first," DMG spokesperson Lisa Lagger told Patch Monday via email as news of the data breach broke.

The health care system said it is sending letters to patients who may have been impacted by the incident and plans to provide free identity theft protection and credit monitoring to affected patients.

The lawsuit seeks that plaintiffs Hestrup and Peiss, in addition to other "similarly situated individuals whose private information was accessed and/or removed from the network during the data breach," receive reimbursement for compensatory damages and out-of-pocket costs. The complaint also requests DMG take action to improve its data security systems.

The rules of replying:

  • Be respectful. This is a space for friendly local discussions. No racist, discriminatory, vulgar or threatening language will be tolerated.
  • Be transparent. Use your real name, and back up your claims.
  • Keep it local and relevant. Make sure your replies stay on topic.
  • Review the Patch Community Guidelines.