MCG Health
Company Details
Linkedin ID:
mcg-part-of-the-hearst-health-network
Website:
Employees number:
579
Number of followers:
19,675
NAICS:
62
Industry Type:
Homepage:
mcg.com
IP Addresses:
0
Company ID:
MCG_9610692
Scan Status:
In-progress
MCG Health Company CyberSecurity Posture
mcg.com
MCG Health, part of the Hearst Health network, provides unbiased clinical guidance that gives healthcare organizations confidence in their patient-centered care decisions. Our artificial intelligence and technology solutions, infused with objective clinical expertise, enable our clients to prioritize and simplify their work. MCG’s world-class customer service ensures that our clients maximize the benefits of licensing MCG solutions – demonstrating improved financial and clinical outcomes.
MCG Health A.I CyberSecurity Scoring
MCG Health Risk Score (AI oriented)Between 650 and 699
MCG Health
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
MCG Health Global Score (TPRM)XXXX
MCG Health
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
MCG Health Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
MCG Health
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: MCG Health, LLC suffered a data security incident after an unauthorized party previously obtained personal information about some patients and members of certain MCG customers. The compromised patient or member data included some or all of the following data elements: names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth and gender. MCG immediately launched the investigation and notified the compromised individuals.
MCG Health, LLC
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Maine Office of the Attorney General reported that MCG Health, LLC experienced a data breach affecting approximately 1,100,000 individuals, with a specific mention of 1 Maine resident. The breach, discovered on March 25, 2022, involved unauthorized access to personal information such as names, Social Security numbers, and medical codes. Identity protection and credit monitoring services were offered to the affected individuals.
MCG Health Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for MCG Health
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for MCG Health in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for MCG Health in 2025.
Incident Types MCG Health vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for MCG Health in 2025.
Incident History — MCG Health (X = Date, Y = Severity)
MCG Health cyber incidents detection timeline including parent company and subsidiaries
MCG Health Company Subsidiaries
MCG Health, part of the Hearst Health network, provides unbiased clinical guidance that gives healthcare organizations confidence in their patient-centered care decisions. Our artificial intelligence and technology solutions, infused with objective clinical expertise, enable our clients to prioritize and simplify their work. MCG’s world-class customer service ensures that our clients maximize the benefits of licensing MCG solutions – demonstrating improved financial and clinical outcomes.
Loading...
MCG Health Similar Companies
Addus HomeCare
Addus HomeCare is one of the nation's largest and fastest growing providers of personal home care and support services. Since 1979, Addus has built an exceptional home care company through a commitment to improving the health and wellness of our clients and providing high-quality, cost-effective car
Bupa
Bupa's purpose is helping people live longer, healthier, happier lives and making a better world. We are an international healthcare company serving over 38 million customers worldwide. With no shareholders, we reinvest profits into providing more and better healthcare for the benefit of current an
SSM Health is a Catholic, not-for-profit, fully integrated health system dedicated to advancing innovative, sustainable, and compassionate care for patients and communities throughout the Midwest and beyond. The organization’s 40,000 team members and 13,900 providers are committed to fulfilling SSM
Founded in 1866, University Hospitals serves the needs of patients through an integrated network of 23 hospitals (including 5 joint ventures), more than 50 health centers and outpatient facilities, and over 200 physician offices in 16 counties throughout northern Ohio. The system’s flagship quaterna
BJC Health System
BJC Health System is one of the largest nonprofit health care organizations in the United States and the largest in the state of Missouri, serving urban, suburban, and rural communities across Missouri, southern Illinois, eastern Kansas, and the greater Midwest region. One of the largest employers i
University Health Network
University Health Network (UHN) is Canada's largest research hospital, which includes Toronto General and Toronto Western Hospitals, Princess Margaret Cancer Centre, the Toronto Rehabilitation Institute and the Michener Institute for Education at UHN. The scope of research and complexity of cases at
Johnson & Johnson
At Johnson & Johnson, we believe health is everything. As a focused healthcare company, with expertise in Innovative Medicine and MedTech, we’re empowered to tackle the world’s toughest health challenges, innovate through science and technology, and transform patient care. All of this is possibl
UT Southwestern Medical Center
UT Southwestern is an academic medical center, world-renowned for its research, regarded among the best in the country for medical education and for clinical and scientific training, and nationally recognized for the quality of care its faculty provides to patients at UT Southwestern’s University Ho
Wellstar Health System
At Wellstar Health System, our mission is to enhance the health and well-being of every person we serve. Nationally ranked and locally recognized for our high-quality care, inclusive culture and world-class doctors and caregivers, Wellstar is one of the largest, most integrated healthcare systems in
.png)
MCG Health CyberSecurity News
November 01, 2025 07:00 AM
Relief for India! Why MCG's wrecker-in-chief Josh Hazlewood is not playing the third T20I in Hobart
Cricket News: India's top order breathes a sigh of relief as Australian pace spearhead Josh Hazlewood is rested for the third T20I in Hobart...
October 30, 2025 07:00 AM
Deploy more teams to enhance sanitation in next 3 days, MCG told
Gurgaon: Divisional commissioner R C Bidhan has asked MCG to deploy more teams to enhance the city's sanitation in the next three days.
October 28, 2025 02:18 PM
MCG and Allegheny Health Network to Present at 2025 ACMA Leadership Conference on the Benefits of AI in Utilization Management
Ms. Lanter will co-present "Interoperability, AI, and Evidence-Based Care: Mitigate Denials & Improve Efficiency" with AHN's Amanda Smith,...
October 07, 2025 06:42 AM
US lawyers represent Wellstar Health System in Augusta University Health System acquisition
Norton Rose Fulbright represented Wellstar in its acquisition of Augusta University Health System as well as in the structuring a long-term affiliation...
September 22, 2025 07:00 AM
Jeffery Talbert, PhD, named inaugural chair for Department of AI and Health
I never thought I would make a big move like this, but it's just the right time, right place," says Jeffery Talbert, PhD.
June 23, 2025 07:00 AM
AU earns prestigious 2025 CSO50 Award for excellence in cybersecurity
Augusta University, one of only three universities to earn the distinction, also earned the distinction in 2023.
April 06, 2025 07:00 AM
Cut in funds for roads? Gurgaon civic body’s new councillors to take a call on April 8
Gurgaon: MCG on Friday scheduled a meeting with newly elected councillors and the mayor to discuss the budget of fiscal year 2025-26 on...
December 09, 2024 08:00 AM
Atrium Health notifies 586K of past tracking tech use
Learn about Atrium Health's use of tracking tech on its patient portal, along with other healthcare data breaches.
October 10, 2024 07:00 AM
MCG Health to Pay $8.8 Million to Settle Suit Over 2022 Breach
MCG Health LLC will pay $8.8 million to settle a class action alleging it negligently failed to protect the personal information of nearly...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
MCG Health CyberSecurity History Information
Official Website of MCG Health
The official website of MCG Health is https://www.mcg.com/.
MCG Health’s AI-Generated Cybersecurity Score
According to Rankiteo, MCG Health’s AI-generated cybersecurity score is 699, reflecting their Weak security posture.
How many security badges does MCG Health’ have ?
According to Rankiteo, MCG Health currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does MCG Health have SOC 2 Type 1 certification ?
According to Rankiteo, MCG Health is not certified under SOC 2 Type 1.
Does MCG Health have SOC 2 Type 2 certification ?
According to Rankiteo, MCG Health does not hold a SOC 2 Type 2 certification.
Does MCG Health comply with GDPR ?
According to Rankiteo, MCG Health is not listed as GDPR compliant.
Does MCG Health have PCI DSS certification ?
According to Rankiteo, MCG Health does not currently maintain PCI DSS compliance.
Does MCG Health comply with HIPAA ?
According to Rankiteo, MCG Health is not compliant with HIPAA regulations.
Does MCG Health have ISO 27001 certification ?
According to Rankiteo,MCG Health is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of MCG Health
MCG Health operates primarily in the Hospitals and Health Care industry.
Number of Employees at MCG Health
MCG Health employs approximately 579 people worldwide.
Subsidiaries Owned by MCG Health
MCG Health presently has no subsidiaries across any sectors.
MCG Health’s LinkedIn Followers
MCG Health’s official LinkedIn profile has approximately 19,675 followers.
NAICS Classification of MCG Health
MCG Health is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
MCG Health’s Presence on Crunchbase
No, MCG Health does not have a profile on Crunchbase.
MCG Health’s Presence on LinkedIn
Yes, MCG Health maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/mcg-part-of-the-hearst-health-network.
Cybersecurity Incidents Involving MCG Health
As of November 28, 2025, Rankiteo reports that MCG Health has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
MCG Health has an estimated 30,068 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at MCG Health ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does MCG Health detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with notified compromised individuals, and remediation measures with identity protection and credit monitoring services offered..
Incident Details
Can you provide details on each incident ?
Title: Data Security Incident at MCG Health, LLC
Description: MCG Health, LLC suffered a data security incident after an unauthorized party previously obtained personal information about some patients and members of certain MCG customers.
Type: Data Breach
Threat Actor: Unauthorized Party
Title: MCG Health Data Breach
Description: The Maine Office of the Attorney General reported that MCG Health, LLC experienced a data breach affecting approximately 1,100,000 individuals, with a specific mention of 1 Maine resident. The breach, discovered on March 25, 2022, involved unauthorized access to personal information such as names, Social Security numbers, and medical codes. Identity protection and credit monitoring services were offered to the affected individuals.
Date Detected: 2022-03-25
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach MCG1238722
Data Compromised: Names, Social security numbers, Medical codes, Postal addresses, Telephone numbers, Email addresses, Dates of birth, Gender
Incident : Data Breach MCG132072525
Data Compromised: Names, Social security numbers, Medical codes
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, , Names, Social Security Numbers, Medical Codes and .
Which entities were affected by each incident ?
Incident : Data Breach MCG1238722
Entity Name: MCG Health, LLC
Entity Type: Healthcare
Industry: Healthcare
Incident : Data Breach MCG132072525
Entity Name: MCG Health, LLC
Entity Type: Company
Industry: Healthcare
Customers Affected: 1100000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach MCG1238722
Communication Strategy: Notified compromised individuals
Incident : Data Breach MCG132072525
Remediation Measures: Identity protection and credit monitoring services offered
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach MCG1238722
Type of Data Compromised: Personal information
Sensitivity of Data: High
Incident : Data Breach MCG132072525
Type of Data Compromised: Names, Social security numbers, Medical codes
Number of Records Exposed: 1100000
Sensitivity of Data: High
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Identity protection and credit monitoring services offered, .
References
Where can I find more information about each incident ?
Incident : Data Breach MCG132072525
Source: Maine Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney General.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified compromised individuals.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized Party.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2022-03-25.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth, gender, , names, Social Security numbers, medical codes and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were medical codes, Social Security numbers, gender, dates of birth, telephone numbers, email addresses, names and postal addresses.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 110.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Maine Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.
Risk Information
cvss4
Base: 6.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Risk Information
cvss3
Base: 9.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References
Description
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
Description
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=mcg-part-of-the-hearst-health-network' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
