MCG Health, LLC offers patient care guidelines to health companies, including providers and health plans. The complaint for this class action brings suit against MCG for maintaining the private patient information in its systems “in a reckless manner” and not taking adequate measures to safeguard the information from cybercriminals, leading to a data breach in 2022.
Two classes have been proposed for this action:
- The Nationwide Class is all US residents whose private information was accessed during the data breach event that was the subject of the Notice of Data Breach MCG Health sent out on or around June 10, 2022.
- The Washington Class is all Washington residents whose private information was accessed during the data breach event that was the subject of the Notice of Data Breach MCG Health sent out on or around June 10, 2022.
The data breach occurred on or about February 25 and 26, 2022, but the complaint alleges MCG did not discover it until around March 10, 2022 and did not notify the affected individuals until June 10, 2022.
The complaint claims the data breach compromised the information of 1.1 million people, including names, Social Security numbers, medical codes, addresses, dates of birth, and other information, including protected health information as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
According to the complaint, “[t]he Data Breach was a direct result of [MCG’s] failure to implement adequate and reasonable cyber-security procedures and protocols necessary to protect patients’ and employees Private Information.” It also claims that MCG did not properly monitor its systems, and that if it had, it would have discovered the data breach sooner “as opposed to letting cyberthieves roam freely in [MCG’s] network for nearly two full weeks.”
The complaint alleges that the risk of a data breach was foreseeable and that MCG did not take adequate security measures to protect the “sensitive, unencrypted” information it stored in its systems.
It further claims that MCG did not comply with guidelines the Federal Trade Commission publishes for businesses, with industry standards to prevent cyberattacks, with recommendations from the US Cybersecurity & Infrastructure Security Agency, or with the measure recommended by the Microsoft Threat Protection Intelligence Team. It lists pages of the measures it claims that MCG should have taken to protect the information it maintained.
The data breach has put patients at risk of identity theft, including using the stolen information to get medical treatment, obtain government benefits, and file fraudulent tax returns, among other things.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
MCG Health Compromise of Patient Information Complaint
July 1, 2022
MCG Health, LLC offers patient care guidelines to health companies, including providers and health plans. The complaint for this class action brings suit against MCG for maintaining the private patient information in its systems “in a reckless manner” and not taking adequate measures to safeguard the information from cybercriminals, leading to a data breach in 2022.
MCG Health Compromise of Patient Information ComplaintCase Event History
MCG Health Compromise of Patient Information Complaint
July 1, 2022
MCG Health, LLC offers patient care guidelines to health companies, including providers and health plans. The complaint for this class action brings suit against MCG for maintaining the private patient information in its systems “in a reckless manner” and not taking adequate measures to safeguard the information from cybercriminals, leading to a data breach in 2022.
MCG Health Compromise of Patient Information Complaint