For the second time in the last two months, a massive data breach is affecting Southeast Michigan patients at Corewell Health.
Corewell Health, formerly known as Beaumont Health, said the new data breach involves a vendor named HealthEC, which according to the Michigan Attorney General, impacts more than one million patients in Michigan.
Recommended Videos
The compromised data may include names, addresses, birth dates, social security numbers, medical record numbers and potentially medical information like diagnoses, conditions, prescriptions and health insurance information. Letters were mailed out Dec. 22 to those impacted by the latest breach.
“The privacy of our patients is a top concern. We recently learned our vendor, HealthEC, LLC, was affected by a cyberattack that involved more than 15 organizations earlier this year. HealthEC is communicating directly with individuals whose data was affected by the attack, and credit monitoring is available to all impacted people,” Corewell Health said in a statement.
HealthEC is offering a year of free credit monitoring and identity protection, which is outlined in the letter. For additional information, consumers can call 1-833-466-9216 toll-free.
Here’s more info on what happened from HealthEC:
What Happened? HEC became aware of suspicious activity potentially involving its network and promptly began an investigation. The investigation determined that certain systems were accessed by an unknown actor between July 14, 2023 and July 23, 2023, and during this time certain files were copied. We then undertook a thorough review of the files in order to identify what specific information was present in the files and to whom it relates. This review was completed on or around October 24, 2023 and identified information relating to some of HEC’s clients. HEC began notifying our clients on October 26, 2023, and we worked with them to notify potentially impacted individuals.
What Information was Involved? The types of information identified through our review varies by individual but includes name, address, date of birth, Social Security number, Taxpayer Identification number, Medical Record number, Medical information (including but not limited to Diagnosis, Diagnosis Code, Mental/Physical Condition, Prescription information, and provider’s name and location), Health insurance information (including but not limited to beneficiary number, subscriber number, Medicaid/Medicare identification), and/or Billing and Claims information (including but not limited to patient account number, patient identification number, and treatment cost information).
What HEC Business Partners/Customers are Impacted by this Event? HealthEC’s impacted business partners include Corewell Health, HonorHealth, University Medical Center of Princeton Physicians’ Organization, Community Health Care Systems, State of Tennessee, Division of TennCare, Beaumont ACO, KidneyLink, Alliance for Integrated Care of New York, LLC, Compassion Health Care, Metro Community Health Centers, Advantage Care Diagnostic & Treatment Center, Inc., Long Island Select Healthcare, Mid Florida Hematology & Oncology Centers, P.A, d/b/a Mid-Florida Cancer Centers, Illinois Heath Practice Alliance, LLC, East Georgia Healthcare Center, Hudson Valley Regional Community Health Centers, and Upstate Family Health Center, Inc.
What HEC Is Doing. We take this event, your privacy, and the security of information in our care very seriously. Upon learning of the suspicious activity, we moved immediately to investigate and respond. The investigation included confirming the security of our network, reviewing the relevant files and systems, notifying potentially affected business partners/customers, and notifying federal law enforcement. As part of our ongoing commitment to your privacy and the security of information in our care, we are also reviewing our existing policies and procedures.
What You Can Do. In general, individuals should remain vigilant against incidents of identity theft and fraud by reviewing account statements, explanation of benefits statements, and monitoring free credit reports for suspicious activity and to detect errors. Suspicious activity should be promptly reported to relevant parties including an insurance company, health care provider, and/or financial institution. Additional information and resources may be found below in the Steps You Can Take to Protect Personal Information section of this notice.
For More Information. For questions on this notice you may write to HEC at 343 Thornall St # 630, Edison, NJ 08837. You may also contact our dedicated assistance line at 1-833-466-9216 between 8:00 am to 8:00 pm Eastern time, Monday through Friday, excluding holidays.
Related: Hackers access personal data of 1 million Michiganders in national data breach