in Newswire Published on June 22, 2022

MCG Health Hit with Class Action Over March 2022 Data Breach Affecting 1.1M Patients [UPDATE]

by Erin Shaak

Last Updated on June 28, 2024

View Comments

Strecker v. MCG Health, LLC

Filed: June 20, 2022 § 2:22-cv-00862

Read Complaint

MCG faces a class action over a data breach earlier this year that reportedly exposed the personal and medical information of roughly 1.1 million patients.

Defendant(s)

MCG Health, LLC

Law(s)

Washington Consumer Protection Act

State(s)

Washington

Categories

Privacy Data Breach

June 28, 2024 – MCG Health Data Breach Lawsuit Settled for $8.8 Million

MCG Health has agreed to an $8.8 million settlement to resolve the proposed class action lawsuit detailed on this page.

Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.

The deal, which the court preliminarily approved on May 1, 2024, covers any U.S. resident whose personal and/or health information was accessed or acquired during the MCG Health data breach discovered around March 25, 2022.

The plaintiffs’ unopposed motion for preliminary settlement approval reveals that approximately 1.1 million individuals are covered by the MCG Health data breach settlement, and class members should have already received notice of the deal.

Class members have until September 30, 2024 to file a claim for benefits, which they can do by mail or online at the official MCG Health data breach lawsuit settlement website, MCGDataSettlement.com.

Class members can submit a claim for reimbursement for documented expenses incurred as a result of the breach, including up to $1,500 for documented “ordinary” losses, such as out-of-pocket credit monitoring costs or losses related to fraud or identity theft, and up to $10,000 for extraordinary losses.

To file a claim online, head to this page and enter the class member ID provided on the notice you received.

Alternatively, covered individuals can file a claim to receive a pro-rated cash payment from the settlement fund. Each class member is also entitled to three years of free credit monitoring and identity theft protection services, court documents say.

Finally, as part of the deal MCG Health has also agreed to implement and maintain measures to enhance its cybersecurity.

The website relays that payments will be distributed to eligible class members if and when the court grants final approval to the deal, and after any objections or appeals are resolved. A final approval hearing is scheduled for September 13, 2024.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements

MCG Health, LLC faces a proposed class action over a data breach earlier this year that reportedly exposed the personal and medical information of roughly 1.1 million patients.

The 37-page case claims that MCG, who provides patient care guidelines to healthcare providers and health plans, failed to adequately safeguard its data from unauthorized access. As a result, cybercriminals exfiltrated data from the defendant’s system during a roughly two-week period in March 2022, the lawsuit says.

Per the case, the compromised personal information was not encrypted and may have included patients’ names, Social Security numbers, medical codes, addresses, telephone numbers, email addresses, dates of birth and gender.

According to the suit, MCG’s failure to safeguard patients’ sensitive information was “particularly egregious” given the data breach was “highly foreseeable.”

The case says MCG discovered on March 25 that an unauthorized party had obtained certain information that “matched data stored on [the company’s] systems” by way of a “targeted attack” that was “expressly designed to gain access to and exfiltrate private and confidential data.”

Despite uncovering the breach in late March, MCG waited about three months before sending notice of the incident to those whose information was compromised, the lawsuit says.

“During this time, Plaintiff and Class Members were unaware that their sensitive personal identifying information had been compromised, and that they were, and continue to be, at significant risk of identity theft and various other forms of personal, social, and financial harm,” the complaint states.

The plaintiff, a Slidell, Louisiana resident, says she received a data breach notification letter from MCG dated June 10, 2022, in which the defendant offered 12 months of identity monitoring services. According to the case, this offer is “wholly inadequate” to compensate the plaintiff and other data breach victims given they may face “multiple years of ongoing identity theft.” The lawsuit argues that the consequences of the data breach for those were affected are “long lasting and severe.”

The case looks to represent anyone MCG identified as among those affected by the data breach, including individuals who were sent notice of the incident.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on June 28, 2024 — 4:13 PM

Erin Shaak

erin@classaction.org

Erin works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.