SHA256 was provided
A file of SHA256 message digests for the ISOs was provided, and Lefebvre produced a GPG signature for that file. This has been the case since Linux Mint 17.0.
gpg: Signature made Wed 09 Dec 2015 16:09:06 GMT using DSA key ID 0FF405B2
gpg: Good signature from "Clement Lefebvre (Linux Mint Package Repository v1) <firstname.lastname@example.org>"
Primary key fingerprint: E1A3 8B8F 1446 75D0 60EA 666F 3EE6 7F3D 0FF4 05B2
Checking the authenticity of the ISOs could have been strongly emphasized on the Linux Mint website, but Linux Mint goes for ease of use, and checking GPG signatures isn’t ease of use. And, this is unlikely to help someone downloading Linux Mint for the first time. If your website gets hacked, the hacker can probably remove or change the recommend verification steps.
Even the Tor Project says that the number of downloads of hash and signature files is a tiny fraction of the overall downloads for Tor Browser. If the users of Tor Browser don’t care, users of Linux Mint are going to care even less.