Massive Data Breach Strikes Healthcare Tech Firm: 4.5 Million Patients Affected

A Massive Data Breach Affects Millions

HealthEC LLC, a company that provides health management solutions, recently experienced a significant data breach. The breach affected nearly 4.5 million individuals who received care through one of HealthEC’s customers.

This company offers a population health management (PHM) platform, which healthcare organizations use for data integration, analytics, care coordination, patient engagement, compliance, and reporting. But between July 14 and 23, 2023, unauthorized access to some of HealthEC’s systems occurred.

What Information Was Compromised?

After an investigation that concluded on October 24, 2023, it was determined that the intruder stole files from the breached systems. The compromised information includes:

• Name
• Address
• Date of birth
• Social Security number
• Taxpayer Identification Number
• Medical Record number
• Medical information (diagnosis, diagnosis code, mental/physical condition, prescription information, and provider’s name and location)
• Health insurance information (beneficiary number, subscriber number, Medicaid/Medicare identification)
• Billing and claims information (patient account number, patient identification number, and treatment cost information)

Protecting Yourself from Identity Theft and Fraud

In light of this breach, HealthEC’s notification advises individuals to stay vigilant against incidents of identity theft and fraud. They recommend regularly reviewing account statements, explanation of benefits statements, and monitoring free credit reports for suspicious activity and errors.

If you notice any suspicious activity, it’s crucial to report it promptly to relevant parties, including your insurance company, healthcare provider, and financial institution.

The Scope of the Breach

Initially, HealthEC did not specify the number of individuals affected by the cyberattack. However, a submission to Maine’s Attorney General’s office revealed that 112,005 people were impacted by just one of HealthEC’s clients, MD Valuecare.

But a recent listing on the breach portal of the U.S. Department of Health and Human Services shows a much larger picture. The total number of affected individuals is now reported to be 4,452,782.

Seventeen healthcare service providers and state-level health systems were impacted by this cyberattack on HealthEC. Some major organizations listed in the notice include Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, the University Medical Center of Princeton Physicians’ Organization, and the Alliance for Integrated Care of New York.

Stay Informed and Stay Protected

This data breach is a stark reminder of the importance of cybersecurity in the healthcare industry. As an IT Services expert, we’re here to help educate and protect you from similar incidents. To stay informed and ensure the safety of your personal information, keep coming back to learn more and don’t hesitate to contact us if you have any concerns.