MCG Health Hit with Class Action Over March 2022 Data Breach Affecting 1.1M Patients
by Erin Shaak
Strecker v. MCG Health, LLC
Filed: June 20, 2022 ◆§ 2:22-cv-00862
MCG faces a class action over a data breach earlier this year that reportedly exposed the personal and medical information of roughly 1.1 million patients.
MCG Health, LLC faces a proposed class action over a data breach earlier this year that reportedly exposed the personal and medical information of roughly 1.1 million patients.
The 37-page case claims that MCG, who provides patient care guidelines to healthcare providers and health plans, failed to adequately safeguard its data from unauthorized access. As a result, cybercriminals exfiltrated data from the defendant’s system during a roughly two-week period in March 2022, the lawsuit says.
Per the case, the compromised personal information was not encrypted and may have included patients’ names, Social Security numbers, medical codes, addresses, telephone numbers, email addresses, dates of birth and gender.
According to the suit, MCG’s failure to safeguard patients’ sensitive information was “particularly egregious” given the data breach was “highly foreseeable.”
The case says MCG discovered on March 25 that an unauthorized party had obtained certain information that “matched data stored on [the company’s] systems” by way of a “targeted attack” that was “expressly designed to gain access to and exfiltrate private and confidential data.”
Despite uncovering the breach in late March, MCG waited about three months before sending notice of the incident to those whose information was compromised, the lawsuit says.
“During this time, Plaintiff and Class Members were unaware that their sensitive personal identifying information had been compromised, and that they were, and continue to be, at significant risk of identity theft and various other forms of personal, social, and financial harm,” the complaint states.
The plaintiff, a Slidell, Louisiana resident, says she received a data breach notification letter from MCG dated June 10, 2022, in which the defendant offered 12 months of identity monitoring services. According to the case, this offer is “wholly inadequate” to compensate the plaintiff and other data breach victims given they may face “multiple years of ongoing identity theft.” The lawsuit argues that the consequences of the data breach for those were affected are “long lasting and severe.”
The case looks to represent anyone MCG identified as among those affected by the data breach, including individuals who were sent notice of the incident.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.