MCG Health Hit with Class Action Over March 2022 Data Breach Affecting 1.1M Patients [UPDATE]
by Erin Shaak
Last Updated on October 28, 2024
Strecker v. MCG Health, LLC
Filed: June 20, 2022 ◆§ 2:22-cv-00862
MCG faces a class action over a data breach earlier this year that reportedly exposed the personal and medical information of roughly 1.1 million patients.
October 28, 2024 – Court Grants Final Approval to $8.8M MCG Data Breach Settlement
The $8.8 million MCG data breach settlement detailed below received final approval from the Seattle court on October 9, 2024.
Get the latest information about the MCG data breach settlement.
Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.
June 28, 2024 – MCG Health Data Breach Lawsuit Settled for $8.8 Million
MCG Health has agreed to an $8.8 million settlement to resolve the proposed class action lawsuit detailed on this page.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
The deal, which the court preliminarily approved on May 1, 2024, covers any U.S. resident whose personal and/or health information was accessed or acquired during the MCG Health data breach discovered around March 25, 2022.
The plaintiffs’ unopposed motion for preliminary settlement approval reveals that approximately 1.1 million individuals are covered by the MCG Health data breach settlement, and class members should have already received notice of the deal.
Class members have until September 30, 2024 to file a claim for benefits, which they can do by mail or online at the official MCG Health data breach lawsuit settlement website, MCGDataSettlement.com.
Class members can submit a claim for reimbursement for documented expenses incurred as a result of the breach, including up to $1,500 for documented “ordinary” losses, such as out-of-pocket credit monitoring costs or losses related to fraud or identity theft, and up to $10,000 for extraordinary losses.
To file a claim online, head to this page and enter the class member ID provided on the notice you received.
Alternatively, covered individuals can file a claim to receive a pro-rated cash payment from the settlement fund. Each class member is also entitled to three years of free credit monitoring and identity theft protection services, court documents say.
Finally, as part of the deal MCG Health has also agreed to implement and maintain measures to enhance its cybersecurity.
The website relays that payments will be distributed to eligible class members if and when the court grants final approval to the deal, and after any objections or appeals are resolved. A final approval hearing is scheduled for September 13, 2024.
Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.
MCG Health, LLC faces a proposed class action over a data breach earlier this year that reportedly exposed the personal and medical information of roughly 1.1 million patients.
The 37-page case claims that MCG, who provides patient care guidelines to healthcare providers and health plans, failed to adequately safeguard its data from unauthorized access. As a result, cybercriminals exfiltrated data from the defendant’s system during a roughly two-week period in March 2022, the lawsuit says.
Per the case, the compromised personal information was not encrypted and may have included patients’ names, Social Security numbers, medical codes, addresses, telephone numbers, email addresses, dates of birth and gender.
According to the suit, MCG’s failure to safeguard patients’ sensitive information was “particularly egregious” given the data breach was “highly foreseeable.”
The case says MCG discovered on March 25 that an unauthorized party had obtained certain information that “matched data stored on [the company’s] systems” by way of a “targeted attack” that was “expressly designed to gain access to and exfiltrate private and confidential data.”
Despite uncovering the breach in late March, MCG waited about three months before sending notice of the incident to those whose information was compromised, the lawsuit says.
“During this time, Plaintiff and Class Members were unaware that their sensitive personal identifying information had been compromised, and that they were, and continue to be, at significant risk of identity theft and various other forms of personal, social, and financial harm,” the complaint states.
The plaintiff, a Slidell, Louisiana resident, says she received a data breach notification letter from MCG dated June 10, 2022, in which the defendant offered 12 months of identity monitoring services. According to the case, this offer is “wholly inadequate” to compensate the plaintiff and other data breach victims given they may face “multiple years of ongoing identity theft.” The lawsuit argues that the consequences of the data breach for those were affected are “long lasting and severe.”
The case looks to represent anyone MCG identified as among those affected by the data breach, including individuals who were sent notice of the incident.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.
Read more here: Hair Relaxer Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.