MCG Health, LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

In March 2022, MCG Health, LLC, a Seattle-based company that provides patient care guidelines to healthcare providers and health plans using artificial intelligence and clinical expertise, suffered a significant data breach. This incident resulted in unauthorized access to personal information of approximately 1.1 million individuals, although discrepancies in reporting have noted figures around 793,283 individuals[1][2]. The compromised data included sensitive information such as names, Social Security numbers, medical codes, addresses, phone numbers, email addresses, dates of birth, and gender[2].

Following the breach, MCG Health faced legal challenges, including a proposed class lawsuit for failing to adequately protect patient information and for the delay in notifying affected individuals[2][13]. The lawsuit criticized MCG Health for not encrypting the compromised data and for the time it took to inform those impacted, which was approximately three months after discovering the breach[2][13]. The legal actions highlight concerns over MCG Health’s data security practices and the potential risks of identity theft and other harms to the individuals whose information was exposed[2][13].

MCG Health responded to the breach by engaging a forensic investigation firm, coordinating with law enforcement, and enhancing their system’s security[1]. They also offered identity protection and credit monitoring services to affected individuals[12]. Despite these measures, the breach has had a significant impact, with multiple healthcare organizations and thousands of patients affected across the United States[5][8].

The incident underscores the ongoing challenges and importance of cybersecurity within the healthcare sector, emphasizing the need for robust data protection measures to safeguard sensitive patient information against unauthorized access and cyberattacks[2][5].

Citations:

  1. https://healthitsecurity.com/news/mcg-health-data-breach-impacts-8-organizations-793k-individuals
  2. https://www.securityweek.com/mcg-health-faces-lawsuit-over-data-breach-impacting-11-million-individuals/
  3. https://news.bloomberglaw.com/privacy-and-data-security/mcg-health-pares-down-claims-in-sprawling-data-breach-class-suit
  4. https://www.bankinfosecurity.com/mcg-lawsuits-a-19450
  5. https://iapp.org/news/a/breach-of-seattles-mcg-health-exposed-more-than-a-million-patients-personal-data/
  6. https://www.law360.com/healthcare-authority/articles/1504385/health-tech-co-hit-with-class-action-over-data-breach
  7. https://www.businesswire.com/news/home/20220610005006/en/Notice-Provided-to-Individuals-Regarding-MCG-Data-Security-Incident
  8. https://www.hipaajournal.com/june-2022-healthcare-data-breach-report/
  9. https://www.databreaches.net/wa-mcg-health-notifies-patients-and-health-plan-members-of-data-breach/
  10. https://www.witn.com/2022/06/20/patient-records-unc-lenoir-health-care-hacked/
  11. https://www.govinfosecurity.com/lawsuits-in-wake-mcg-health-data-breach-start-piling-up-a-19450
  12. https://journalstar.com/business/local/chi-health-says-cybersecurity-breach-may-have-exposed-some-patients-data/article_8820b79d-9b2a-5a21-b77d-eb8fc3690541.html
  13. https://www.classaction.org/news/mcg-health-hit-with-class-action-over-march-2022-data-breach-affecting-1-1m-patients
  14. https://casetext.com/case/in-re-mcg-health-data-sec-issue-litig-4
Breach Submission Date Jun 10, 2022
Converted Entity Name MCG Health, LLC
Converted Entity Type Business Associate
State WA
Individuals Affected 793,283
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes