DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

WA: MCG Health notifies patients and health plan members of data breach (updated)

Posted on June 11, 2022 by Dissent

Seattle-based MCG Health, LLC (“MCG”) provides patient care guidelines to providers and health care plans. According to a notice on their website that was also issued as a press release yesterday, on March 25, 2022, they determined that an unauthorized party had previously obtained personal information about some patients and members of certain MCG customers.

The affected patient or member data reportedly included some or all of the following data elements: names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth, and gender.

Their full statement can be found on their site (pdf) or on  businesswire.com.

Their statement omits significant details, and DataBreaches has sent an inquiry to them asking them when and how the bad actor first gained access to their system, how many people, total, had their data accessed and how many people, total, had their data exfiltrated. DataBreaches also inquired as to whether HHS has been notified, and whether there was any ransom or extortion demand.

Although their statement does not mention any data being leaked or sold on the dark web, it may be that they first “determined” the breach in March because data was listed for sale at that time. Hopefully, they will forthrightly confirm or deny that, and will explain whether they will be offering any credit monitoring or identity theft restoration services to those affected. Their press release makes no mention of any such offer.

No response to our inquiries was immediately available, but this post will be updated as more information becomes available.

Update of June 13.  DataBreaches sent an updated inquiry to MCG Health, also asking them to reply to the claims made by Twister Canyon in the Comments under the post. Of note, the commenter claims to have contacted MCG Health back in October or November about the breach, and also claims that most of the data has already been sold.

Also:  Avera Health issued a notice that approximately 700 of their patients were impacted by the breach. Expect many more such notices.

Update June 14:  Catholic Health Initiative has also issued a statement about their patients being impacted.  As WOWT reports, MCG Health has not been responding to requests for interviews. Nor have they yet responded to this site’s requests for a response to claims made by a threat actor that they have known about this breach since last October or November and that most of the data has already been sold.

Because this seems to be a breach that may have numerous updates or follow-ups, DataBreaches is creating a separate post for updates.

Related posts:

  • Updates to the MCG Health Breach Incident
  • Phelps Health notifies patients of MCG Health breach (and the lawsuits start…)
Category: Breach IncidentsHealth DataU.S.

Post navigation

← Shoprite Group issues warning on ‘suspected data compromise’ (UPDATED)
Yuma Regional Medical Center notifying approximately 700,000 patients of ransomware attack →

2 thoughts on “WA: MCG Health notifies patients and health plan members of data breach (updated)”

  1. Twister Canyon says:
    June 11, 2022 at 2:19 pm

    Some clarification on this article:
    * MCG Health was notified in October/November of 2021 when their CEO was contacted about the return of the data
    * Approximately 156 million records have been taken that were considere saleable. More (almost 50 million more) were seen to not have enough data to be sold, but still exist as data taken
    * Much of this has been resold either by medical code (dementia) age or other characteristics. This was done on the dark web, coordinated on the Versus market (twistercanyon vendor) but most sold off market in bulk
    * Remaining may be resold now that this long overdue notice has finally gone out. Versus is down so it’s unclear what site this will pop up on next.

    1. Dissent says:
      June 12, 2022 at 8:58 am

      Please check your email for mail from [email protected].

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.