
The following organizations are already known to be impacted by the breach, but others may be affected: MCG first learned of the breach on Mabut didn’t inform companies and individuals with this notice until Jthat their information was compromised. The personal data affected by the breach included information such as social security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth and gender. The lawsuits seek class action certification, compensatory and punitive damages, pre- and post-judgment interest, attorney’s fees and costs, and other relief, and call for MCG Health to make significant improvements to security, including encrypting all data, conducting regular penetration tests, employing data segmentation, improving logging and monitoring, appointing a third-party assessor to conduct annual SOC 2 Type 2 attestations for 10 years, and to cease storing personally identifiable patient information in cloud databases.

MCG Health, LLC, a healthcare technology company that provides services to a long list of healthcare systems including healthcare plans and hospitals, recently suffered a data breach wherein an unauthorized party obtained the personal identifying information (PII) of more than 1 million patients across the country. Similar claims are made in Thorbecke et al v. Plaintiff Cynthia Strecker claims to have suffered anxiety and emotional distress due to the data breach and has increased concerns for the loss of her privacy. The lawsuits allege the affected plaintiffs have suffered lost time, annoyance, interference, and inconvenience as a result of the data breach, and now that their protected health information is in the hands of criminals, they face a substantial present risk of identity theft and fraud, and that risk will continue to increase for years to come. It then took more than 2 months for notifications to be issued to affected individuals.

MCG Health alleges the data breach occurred more than two years before it was detected by MCG Health, and that hackers gained access to MCG Health systems and exfiltrated data around February 25 to 26, 2020, and that the breach date of March 25, 2022, on the MCG Health notifications is when MCG Health discovered that sensitive files had been infiltrated. MCG Health, alleges the hackers had access to MCG Health systems for at least two weeks before the breach was detected; however, Booth v. The lawsuits make similar claims and allege negligence, invasion of privacy, bailment, breach of implied contract, breach of confidence, and a violation of the Washington Consumer Protection Act.

So far at least five lawsuits have been filed against MCG Health in the District Court for the Western District of Washington over the data breach. Notification letters were sent to affected individuals on June 10, 2022, and 2 years of complimentary credit monitoring and identity theft protection services have been offered to affected individuals. MCG Health said it discovered on May 25, 2022, that files had been removed from its systems that included names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth, and genders. The breach notification issued to the Maine Attorney General indicates the protected health information of up to 1.1 million patients was potentially obtained by an unauthorized third party in the attack.

The data breach was reported to the HHS’ Office for Civil Rights on June 10 as affecting 793,283 individuals, but some affected healthcare organizations have self-reported the breach.

Multiple class action lawsuits have been filed against the Seattle-based Hearst Health subsidiary, MCG Health, over a data breach that has affected at least 10 healthcare organizations including Indiana University Health, Lenoir Health Care, Phelps Health, and Jefferson County Health Center.

Multiple Class Action Lawsuits Filed Against MCG Health Over Data Breach
