Data Theft Incidents Reported at MCG Health, Choice Health, & Goodman Campbell Brain and Spine

MCG Health Announces Data Theft Incident Affecting 1.1 Million Individuals

MCG Health in Seattle, WA, a provider of patient care guidelines to healthcare providers and health plans, started notifying patients and members of MCG customers that an unauthorized party has obtained some of their protected health information. According to the breach notice on the MCG website, MCG determined on March 25, 2022, that an unauthorized individual had obtained data that matched data on its systems, including names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth, and gender.

MCG Health has advised affected individuals to review their account statements and monitor their free credit reports for signs of misuse of their information. The substitute breach notice on the MCG Health website does not explain the nature of the attack, how much data was stolen, how MCG Health learned that data had been stolen, or when the data theft incident occurred. A lawsuit filed against MCG Health alleges hackers first gained access to its systems in February 2020, but it took more than two years for the breach to be detected.

The breach notice submitted to the Maine Attorney General indicates the protected health information of up to 1.1 million individuals was compromised. The notice states that credit monitoring services have been offered to affected individuals.


The breach has now been reported to the HHS’ Office for Civil Rights as affecting 793,283 individuals. Some MCG Health clients may be reporting the breach separately. Entities known to have been affected by the breach include:

  • Indiana University Health in Indianapolis, IA
  • Jefferson County Health Center in Fairfield, IA
  • CHI Health in Omaha, NE
  • Avera Health in Sioux Falls, SD
  • Lenoir Health Care. in Kinston, NC
  • Henry County Medical Center in Paris, TN
  • Newman Regional Medical Center in Emporia, KS
  • Phelps Health Medical Group in Rolla, MO
  • Copley Hospital in Morrisville, VT
  • Catholic Health Initiatives in Englewood, CO

The protected health information of 10 patients is known to have been posed to a dark web site.

Patient Data Exfiltrated in Ransomware Attack on Choice Health

The South Carolina-based health insurance company, Choice Health, now part of Alight Solutions, has recently announced that the protected health information of some of its members has been obtained by an unauthorized individual.

Choice Health discovered on May 14, 2022, that an individual was offering a set of data that had allegedly been stolen from Choice Health. An investigation into a potential breach confirmed on May 18, 2022, that a single Choice Health database had been exposed over the Internet due to “a technical security configuration issue caused by a third-party service provider.” That issue meant the database could be accessed over the internet without authorization.

Choice Health determined that the database had been found and certain database files had been copied by an unauthorized individual on May 7, 2022. According to the notice submitted to the California Attorney General, the files contained information such as first and last names, Social Security numbers, Medicare beneficiary identification numbers, birth dates, addresses and contact information, and health insurance information.

Choice Health said it worked with the third-party service provider to secure the database and confirmed that it was no longer accessible over the Internet. Steps have also been taken to prevent similar incidents in the future, including implementing multi-factor authentication for access to its database files.

Choice Health said it has not identified any misuse of plan member data but has sent notifications to affected individuals and has offered them a 24-month membership to a credit monitoring and identity theft protection and resolution service.

At this stage, it is unclear how many individuals have been affected. reported that the forum listing offering the data said 600MB of data had been obtained, spread across 2,141,006 files, which were described as having names such as “Agents, Commission, Contacts, Policies.”

Goodman Campbell Brain and Spine Suffers Ransomware Attack

Goodman Campbell Brain and Spine in Indianapolis, IN, has recently announced that it suffered a cyberattack on May 20, 2022, which caused an outage of its computer network and communication systems. Goodman Campbell said steps were immediately taken to secure its systems and a third-party firm was engaged to assist with the investigation and incident response.

At this stage of the investigation, the full nature of the attack and the extent to which patients’ protected health information has been compromised has not been determined; however, so far it is clear that patient and employee data was accessed by an unauthorized individual. Notification letters will be sent to affected individuals when the investigation has been completed and it is clear which individuals have been affected and the types of data that were compromised. In the meantime, Goodman Campbell has recommended all patients monitor their credit reports, obtain a fraud alert, and place a security freeze on their credit as a precaution.

The exact nature of the cyberattack was not revealed by Goodman Campbell; however, the Hive ransomware gang has claimed responsibility for the attack and has listed some of the stolen data on its leak site.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.