in Newswire Published on June 22, 2022

MCG Health Hit with Class Action Over March 2022 Data Breach Affecting 1.1M Patients

by Erin Shaak

View Comments

Strecker v. MCG Health, LLC

Filed: June 20, 2022 § 2:22-cv-00862

Read Complaint

MCG faces a class action over a data breach earlier this year that reportedly exposed the personal and medical information of roughly 1.1 million patients.

Defendant(s)

MCG Health, LLC

Law(s)

Washington Consumer Protection Act

State(s)

Washington

Categories

Privacy Data Breach

MCG Health, LLC faces a proposed class action over a data breach earlier this year that reportedly exposed the personal and medical information of roughly 1.1 million patients.

The 37-page case claims that MCG, who provides patient care guidelines to healthcare providers and health plans, failed to adequately safeguard its data from unauthorized access. As a result, cybercriminals exfiltrated data from the defendant’s system during a roughly two-week period in March 2022, the lawsuit says.

Per the case, the compromised personal information was not encrypted and may have included patients’ names, Social Security numbers, medical codes, addresses, telephone numbers, email addresses, dates of birth and gender.

According to the suit, MCG’s failure to safeguard patients’ sensitive information was “particularly egregious” given the data breach was “highly foreseeable.”

The case says MCG discovered on March 25 that an unauthorized party had obtained certain information that “matched data stored on [the company’s] systems” by way of a “targeted attack” that was “expressly designed to gain access to and exfiltrate private and confidential data.”

Despite uncovering the breach in late March, MCG waited about three months before sending notice of the incident to those whose information was compromised, the lawsuit says.

“During this time, Plaintiff and Class Members were unaware that their sensitive personal identifying information had been compromised, and that they were, and continue to be, at significant risk of identity theft and various other forms of personal, social, and financial harm,” the complaint states.

The plaintiff, a Slidell, Louisiana resident, says she received a data breach notification letter from MCG dated June 10, 2022, in which the defendant offered 12 months of identity monitoring services. According to the case, this offer is “wholly inadequate” to compensate the plaintiff and other data breach victims given they may face “multiple years of ongoing identity theft.” The lawsuit argues that the consequences of the data breach for those were affected are “long lasting and severe.”

The case looks to represent anyone MCG identified as among those affected by the data breach, including individuals who were sent notice of the incident.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on June 22, 2022 — 4:49 PM

Erin Shaak

erin@classaction.org

Erin works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.