Data Theft Incidents Reported at Choice Health and MCG Health

The health insurance firm, Choice Health based in South Carolina, presently a part of Alight Solutions, has lately announced that the protected health information (PHI) of a number of its members were obtained by an unauthorized individual.

Choice Health found out on May 14, 2022, that a person was offering a set of data that were presumably stolen from Choice Health. On May 18, 2022, an investigation into a probable breach affirmed that a single Choice Health database was exposed online due to “a technical protection configuration problem caused by a third-party company.” Because of the issue, the database may be accessed online without requiring authorization.

Choice Health established that the database had been found and a number of database files were copied by an unauthorized person on May 7, 2022. Based on the notice sent to the California Attorney General, the files had information such as first and last names, Medicare beneficiary ID numbers, Social Security numbers, birth dates, addresses and contact data, and medical insurance details.

Choice Health stated it engaged a third-party company to secure the database and stated that it was no longer available over the web. Steps were also done to avoid similar occurrences later on, which include employing multi-factor authentication before getting access to its database files.

Choice Health mentioned it has not seen any misuse of plan member information; however, it has sent breach notifications to affected people and has provided them a membership to a credit monitoring and identity theft protection and resolution service for 2-months.

At this period, it is not clear how many persons were impacted. noted that the forum write-up offering the information mentioned 600MB of data was acquired with 2,141,006 files. The files were described as including labels like Agents, Commission, Contacts, and Policies.

MCG Health ReportsReports Data Theft Incident

MCG Health based in Seattle, WA, a company offering patient care guidelines to healthcare companies and health plans, began informing patients and members of MCG clients about the potential theft of some of their PHI by an unauthorized party. Based on the breach notification on the MCG web page, MCG discovered on May 25, 2022, that an unauthorized person had acquired information that matched information on its systems, which includes names, postal addresses, phone numbers, email addresses, birth dates, gender, Social Security numbers, and medical codes.

MCG Health has instructed impacted persons to look at their account statements and keep an eye on their free credit statements for indications of misuse of their data. It seems that no identity theft protection or credit monitoring services are being provided.

The breach notice doesn’t mention the cause of the attack, how much information was compromised, how MCG Health knew about the stolen data or the time of the data theft occurrence.