The Information Highway

The Information Highway

Font size: +
2 minutes reading time (359 words)

Data breach at healthcare tech firm impacts 4.5 million patients

HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers.


HealthEC provides a population health management (PHM) platform that healthcare organizations can use for data integration, analytics, care coordination, patient engagement, compliance, and reporting.

On December 22, the firm disclosed that it suffered a data breach between July 14 and 23, 2023, which resulted in unauthorized access to some of its systems.

An investigation of the incident concluded on October 24, 2023, and revealed that the intruder had stolen files from the breached systems hosting the following data types:

  • Name
  • Address
  • Date of birth
  • Social Security number
  • Taxpayer Identification Number
  • Medical Record number
  • Medical information (diagnosis, diagnosis code, mental/physical condition, prescription information, and provider's name and location)
  • Health insurance information (beneficiary number, subscriber number, Medicaid/Medicare identification)
  • Billing and claims information (patient account number, patient identification number, and treatment cost information)

"In general, individuals should remain vigilant against incidents of identity theft and fraud by reviewing account statements, explanation of benefits statements, and monitoring free credit reports for suspicious activity and to detect errors," reads HealthEC's notification.

The company recommends that "suspicious activity should be promptly reported to relevant parties including an insurance company, health care provider, and/or financial institution."

At the time of the cyberattack, HealthEC didn't specify how many people were impacted by the intrusion, but a submission to Maine's Attorney General's office that concerned just one of the firm's clients, MD Valuecare, set the number of affected persons to 112,005.

A new listing that appeared earlier today on the breach portal of the U.S. Department of Health and Human Services shows the larger picture, informing that the total number of affected individuals is 4,452,782.

There are 17 healthcare service providers and state-level health systems that were impacted by the cyberattack on the HealthEC tech solutions provider.

Some major organizations listed in the notice include Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, the University Medical Center of Princeton Physicians' Organization, and the Alliance for Integrated Care of New York.

Bitwarden adds passkey support to log into web pas...
Nearly 11 million SSH servers vulnerable to new Te...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Monday, 23 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023