MCG Health Sued Again Over 2020 Data Breach


Just one day after a similar lawsuit was filed, patients whose data was stored by MCG Health Inc. filed a lawsuit against the company in the Western District of Washington on Wednesday. The suit comes in response to a data breach that compromised sensitive information of hundreds of thousands of hospital patients.

The complaint says that in February 2020, MCG Health was hacked and their patients’ files were extracted. They allegedly did not learn of the hack until March 2022, and did not tell their 1,100,000 customers their personally identifiable and personal health information was stolen until June 2022.

MCG Health is a software company that manages personal and health data for “majority of U.S. health plans and nearly 2,600 hospitals” and they collect names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth, and genders for their database. Not only did over a million people have their data compromised, but the plaintiffs claimed that they “suffer a present injury from the existing and continuing risk of fraud.”

According to the complaint, criminals can use these records to create fake insurance claims, sell Social Security numbers and it can  have deadly consequences if a victim’s health information is tampered with as “misdiagnosis or mistreatment can ensue.” The plaintiffs said that they have faced irreparable harm from the data breach, and have each spent hours trying to protect their identity with the appropriate services, which has cost them. As a result, they are suing on the counts of a violation of the Washington Consumer Protection Act, negligence, and invasion of privacy.

The plaintiffs are seeking class certification, monetary relief, injunctive relief enjoining MCG Health to enhance their cybersecurity, pre- and post-judgment interest, attorney’s fees and costs, and other relief.

The plaintiffs are represented by Terrell Marshall Law Group PLLC