Article Details
Scrape Timestamp (UTC): 2024-01-03 16:24:14.517
Original Article Text
Click to Toggle View
Data breach at healthcare tech firm impacts 4.5 million patients. HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. HealthEC provides a population health management (PHM) platform that healthcare organizations can use for data integration, analytics, care coordination, patient engagement, compliance, and reporting. On December 22, the firm disclosed that it suffered a data breach between July 14 and 23, 2023, which resulted in unauthorized access to some of its systems. An investigation of the incident concluded on October 24, 2023, and revealed that the intruder had stolen files from the breached systems hosting the following data types: "In general, individuals should remain vigilant against incidents of identity theft and fraud by reviewing account statements, explanation of benefits statements, and monitoring free credit reports for suspicious activity and to detect errors," reads HealthEC's notification. The company recommends that "suspicious activity should be promptly reported to relevant parties including an insurance company, health care provider, and/or financial institution." At the time of the cyberattack, HealthEC didn't specify how many people were impacted by the intrusion, but a submission to Maine's Attorney General's office that concerned just one of the firm's clients, MD Valuecare, set the number of affected persons to 112,005. A new listing that appeared earlier today on the breach portal of the U.S. Department of Health and Human Services shows the larger picture, informing that the total number of affected individuals is 4,452,782. There are 17 healthcare service providers and state-level health systems that were impacted by the cyberattack on the HealthEC tech solutions provider. Some major organizations listed in the notice include Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, the University Medical Center of Princeton Physicians' Organization, and the Alliance for Integrated Care of New York.
Daily Brief Summary
HealthEC LLC experienced a data breach impacting an estimated 4.5 million individuals who received care from the company's clients.
Unauthorized access to HealthEC's systems occurred between July 14 and July 23, 2023, resulting in theft of files containing sensitive patient data.
The breach was reported on December 22, 2023, following an investigation that concluded on October 24.
Patient data types compromised include personal and health information, necessitating vigilance against identity theft and fraud.
Patients are advised to monitor account statements, benefit explanations, and credit reports for unusual activities.
A recent report to Maine's Attorney General disclosed that 112,005 individuals were affected from just one client, MD Valuecare, highlighting a fraction of the total breach.
The U.S. Department of Health and Human Services' breach portal updated to reflect the larger scale of the breach, with 4,452,782 total affected individuals across 17 healthcare providers and systems including notable entities such as Corewell Health and the State of Tennessee – Division of TennCare.