MCG Health, LLC
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
In March 2022, MCG Health, LLC, a Seattle-based company that provides patient care guidelines to healthcare providers and health plans using artificial intelligence and clinical expertise, suffered a significant data breach. This incident resulted in unauthorized access to personal information of approximately 1.1 million individuals, although discrepancies in reporting have noted figures around 793,283 individuals[1][2]. The compromised data included sensitive information such as names, Social Security numbers, medical codes, addresses, phone numbers, email addresses, dates of birth, and gender[2].
Following the breach, MCG Health faced legal challenges, including a proposed class lawsuit for failing to adequately protect patient information and for the delay in notifying affected individuals[2][13]. The lawsuit criticized MCG Health for not encrypting the compromised data and for the time it took to inform those impacted, which was approximately three months after discovering the breach[2][13]. The legal actions highlight concerns over MCG Health’s data security practices and the potential risks of identity theft and other harms to the individuals whose information was exposed[2][13].
MCG Health responded to the breach by engaging a forensic investigation firm, coordinating with law enforcement, and enhancing their system’s security[1]. They also offered identity protection and credit monitoring services to affected individuals[12]. Despite these measures, the breach has had a significant impact, with multiple healthcare organizations and thousands of patients affected across the United States[5][8].
The incident underscores the ongoing challenges and importance of cybersecurity within the healthcare sector, emphasizing the need for robust data protection measures to safeguard sensitive patient information against unauthorized access and cyberattacks[2][5].
Citations:
- https://healthitsecurity.com/news/mcg-health-data-breach-impacts-8-organizations-793k-individuals
- https://www.securityweek.com/mcg-health-faces-lawsuit-over-data-breach-impacting-11-million-individuals/
- https://news.bloomberglaw.com/privacy-and-data-security/mcg-health-pares-down-claims-in-sprawling-data-breach-class-suit
- https://www.bankinfosecurity.com/mcg-lawsuits-a-19450
- https://iapp.org/news/a/breach-of-seattles-mcg-health-exposed-more-than-a-million-patients-personal-data/
- https://www.law360.com/healthcare-authority/articles/1504385/health-tech-co-hit-with-class-action-over-data-breach
- https://www.businesswire.com/news/home/20220610005006/en/Notice-Provided-to-Individuals-Regarding-MCG-Data-Security-Incident
- https://www.hipaajournal.com/june-2022-healthcare-data-breach-report/
- https://www.databreaches.net/wa-mcg-health-notifies-patients-and-health-plan-members-of-data-breach/
- https://www.witn.com/2022/06/20/patient-records-unc-lenoir-health-care-hacked/
- https://www.govinfosecurity.com/lawsuits-in-wake-mcg-health-data-breach-start-piling-up-a-19450
- https://journalstar.com/business/local/chi-health-says-cybersecurity-breach-may-have-exposed-some-patients-data/article_8820b79d-9b2a-5a21-b77d-eb8fc3690541.html
- https://www.classaction.org/news/mcg-health-hit-with-class-action-over-march-2022-data-breach-affecting-1-1m-patients
- https://casetext.com/case/in-re-mcg-health-data-sec-issue-litig-4