MNGI Digestive Health yesterday confirmed it notified 765,936 people about an August 2023 data breach that compromised a huge trove of patients’ personal, medical, and financial info.
The affected data includes: Social Security numbers, medical info, health insurance info, dates of birth, patient account numbers, financial account info, driver’s license or state ID numbers, passport numbers, payment card info, usernames, passwords, taxpayer ID numbers, and biometric data
According to our data, this was the ninth-largest attack on a US healthcare organization in 2023 by number of records affected.
Although the breach began August 20, 2023, MNGI says it took nearly 10 months to identify and notify victims. “Following a thorough and time-intensive review of the affected data, MNGI learned on June 7, 2024 that certain individuals’ personal and protected health information was potentially affected by this incident,” the notification says. “Since that time, MNGI has been diligently collecting up-to-date address information needed to notify all potentially affected individuals.”
Ransomware group ALPHV/BlackCat claimed responsibility for the attack, saying it stole more than 2 TB of data. On September 24, 2023, ALPHV demanded a ransom within 48 hours.
MNGI did not verify ALPHV’s claim. We don’t yet know whether MNGI paid a ransom, how much ransom was demanded, or how attackers breached MNGI’s network. Comparitech contacted MNGI for comment and will update this article if it responds.
Comparitech recommends victims take advantage of the identity theft protection services provided by MNGI via CyEx.
Who is ALPHV/BlackCat?
ALPHV/BlackCat is responsible for some of the most high profile ransomware attacks of the past few years, including major attacks on LoanDepot, Prudential Insurance, Fidelity, VF Corporation, and Change Healthcare.
ALPHV/BlackCat went dark after the Change Healthcare attack in March 2024, when it reportedly pulled off an exit scam. ALPHV allegedly stole a $22 million ransom payment and pulled the rug out from under its affiliates, who were never paid. The attack on MNGI most likely happened before ALPHV/BlackCat’s exit. The last attack claimed by ALPHV (unconfirmed) was in April 2024.
Comparitech researchers have tracked 201 confirmed ransomware attacks claimed by ALPHV/BlackCat in total, affecting 66.8 million records. Of these, 24 attacks were on healthcare companies.
Ransomware attacks on US healthcare
Hospitals, clinics, and other healthcare-related organizations are frequent targets for ransomware attacks. In addition to data theft, ransomware can disrupt key systems used for payments, making appointments, storing patient information, and more. Hospitals and clinics might be forced to cancel appointments and divert patients elsewhere, or resort to pen and paper until systems are restored.
We logged 135 attacks on US healthcare in 2023, affecting 22,825,428 records. These are the biggest figures we’ve seen in a single year since our reporting began in 2018.
ALPHV/BlackCat was responsible for 15 of these attacks in 2023, compromising 6.8 million records. The biggest of these were on Norton Healthcare (2.5m affected) and McLaren Health Care (2.19m affected).
So far this year, we’ve logged 38 confirmed attacks on US healthcare organizations, affecting 5,361,313 records. A further 92 attacks have been claimed but not confirmed.
About MNGI Digestive Health
Founded in 1973, MNGI is a chain of 12 clinics in Minnesota and Wisconsin that specialize in gastroenterology. It employs more than 100 gastroenterologists, physician assistants, and nurse practitioners, according to its website.
