Data Theft Incidents Reported at Choice Health, MCG Health, & Goodman Campbell Brain and Spine

The South Carolina-based health insurance company, Choice Health, now part of Alight Solutions, has recently announced that the protected health information of some of its members has been obtained by an unauthorized individual.

Choice Health discovered on May 14, 2022, that an individual was offering a set of data that had allegedly been stolen from Choice Health. An investigation into a potential breach confirmed on May 18, 2022, that a single Choice Health database had been exposed over the Internet due to “a technical security configuration issue caused by a third-party service provider.” That issue meant the database could be accessed over the internet without authorization.

Choice Health determined that the database had been found and certain database files had been copied by an unauthorized individual on May 7, 2022. According to the notice submitted to the California Attorney General, the files contained information such as first and last names, Social Security numbers, Medicare beneficiary identification numbers, birth dates, addresses and contact information, and health insurance information.

Choice Health said it worked with the third-party service provider to secure the database and confirmed that it was no longer accessible over the Internet. Steps have also been taken to prevent similar incidents in the future, including implementing multi-factor authentication for access to its database files.

Choice Health said it has not identified any misuse of plan member data but has sent notifications to affected individuals and has offered them a 24-month membership to a credit monitoring and identity theft protection and resolution service.

At this stage, it is clear how many individuals have been affected. reported that the forum listing offering the data said 600MB of data had been obtained, spread across 2,141,006 files, which were described as having names such as “Agents, Commission, Contacts, Policies.”

MCG Health Announces Data Theft Incident

MCG Health in Seattle, WA, a provider of patient care guidelines to healthcare providers and health plans, started notifying patients and members of MCG customers that an unauthorized party has obtained some of their protected health information. According to the breach notice on the MCG website, MCG determined on May 25, 2022, that an unauthorized individual had obtained data that matched data on its systems, including names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses , dates of birth, and gender.

MCG Health has advised affected individuals to review their account statements and monitor their free credit reports for signs of misuse of their information. It does not appear that credit monitoring or identity theft protection services are being offered.

The breach notice does not explain the nature of the attack, how much data was stolen, how MCG Health learned that data had been stolen, or when the data theft incident occurred. This post will be updated when further information becomes available.

Goodman Campbell Brain and Spine Suffers Ransomware Attack

Goodman Campbell Brain and Spine in Indianapolis, IN, has recently announced that it suffered a cyberattack on May 20, 2022, which caused an outage of its computer network and communication systems. Goodman Campbell said steps were immediately taken to secure its systems and a third-party firm was engaged to assist with the investigation and incident response.

At this stage of the investigation, the full nature of the attack and the extent to which patients’ protected health information has been compromised has not been determined; however, so far it is clear that patient and employee data was accessed by an unauthorized individual. Notification letters will be sent to affected individuals when the investigation has been completed and it is clear which individuals have been affected and the types of data that were compromised. In the meantime, Goodman Campbell has recommended all patients monitor their credit reports, obtain a fraud alert, and place a security freeze on their credit as a precaution.

The exact nature of the cyberattack was not revealed by Goodman Campbell; however, the Hive ransomware gang has claimed responsibility for the attack and has listed some of the stolen data on its leak site.

Leave a Comment

Your email address will not be published.