Written by: Nikita Saha
December 29, 2023
The breach occurred at HealthEC, which is a population health management platform that provides services to Corewell Health’s southeast Michigan properties, leading to the exposure of patients’ personal and medical information.
Corewell Health, a health system in the US state of Michigan, has reported its second cybersecurity breach this year, impacting more than one million patients. This is the second time in a year that Corewell Health patients have had their medical information exposed in a data breach.
The specific information exposed remains unclear but could include name, address, date of birth, social security number, medical diagnoses, mental/physical condition, health insurance information, treatment cost information, and billing and claims information.
Commenting on the breach, Michigan Attorney General Dana Nessel said, “Michigan residents have been subjected to a surge of healthcare-related data breaches and deserve robust protection.” Nessel urged the Michigan legislature to require companies experiencing a data breach to immediately inform the Department of Attorney General.
For those affected by the data breach, Nessel’s office recommends changing passwords, contacting their bank or credit union and potentially placing a fraud alert on their credit file to prevent identity theft.
In November, a similar breach occurred but involved Welltok, Inc., a software company that provides communication services for Corewell Health.
In addition, the names, addresses, and health insurance identification numbers of 2,500 users of the healthy lifestyle portal for Priority Health, an insurance plan owned by Corewell, were compromised in this breach. This breach was the fourth-largest healthcare data breach in the U.S., highlighting the growing concern over cybersecurity in the healthcare sector.
Due to the breach, HealthEC is offering 12 months of credit monitoring and identity protection services to patients through TransUnion.
This incident is the latest in a series of cyberattacks and data breaches affecting health systems across the U.S. Other recent breaches include those at Integris Health in Oklahoma, Capital Health in New Jersey, and hospitals run by Ardent Health Services. These breaches highlight the growing concern over cybersecurity in the healthcare sector.
In a similar development, Indusface, an app security solutions firm, found over 1.6 billion cyberattacks in India in the second quarter ended September 30, 2023, showing an increase of 70% over the previous quarter.
Reportedly, the top victims of DDoS attacks were India (135 million attacks), the United States (111 million), Germany (1 million) and the UK (1.5 million). India, the US, the UK, Russia and Singapore emerged as top victims of bot attacks.