HealthEC LLC, a supplier of well being administration options, suffered a data breach that impacts near 4.5 million people who acquired care by one of many firm’s clients.
HealthEC gives a inhabitants well being administration (PHM) platform that healthcare organizations can use for knowledge integration, analytics, care coordination, affected person engagement, compliance, and reporting.
On December 22, the agency disclosed that it suffered a data breach between July 14 and 23, 2023, which resulted in unauthorized entry to a few of its programs.
An investigation of the incident concluded on October 24, 2023, and revealed that the intruder had stolen information from the breached programs internet hosting the next knowledge varieties:
- Title
- Deal with
- Date of delivery
- Social Safety quantity
- Taxpayer Identification Quantity
- Medical Report quantity
- Medical info (prognosis, prognosis code, psychological/bodily situation, prescription info, and supplier’s title and placement)
- Medical health insurance info (beneficiary quantity, subscriber quantity, Medicaid/Medicare identification)
- Billing and claims info (affected person account quantity, affected person identification quantity, and therapy value info)
“Normally, people ought to stay vigilant in opposition to incidents of id theft and fraud by reviewing account statements, rationalization of advantages statements, and monitoring free credit score stories for suspicious exercise and to detect errors,” reads HealthEC’s notification.
The corporate recommends that “suspicious exercise needs to be promptly reported to related events together with an insurance coverage firm, well being care supplier, and/or monetary establishment.”
On the time of the cyberattack, HealthEC did not specify how many individuals have been impacted by the intrusion, however a submission to Maine’s Legal professional Common’s workplace that involved simply one of many agency’s purchasers, MD Valuecare, set the variety of affected individuals to 112,005.
A brand new itemizing that appeared earlier right now on the breach portal of the U.S. Division of Well being and Human Companies reveals the bigger image, informing that the entire variety of affected people is 4,452,782.
There are 17 healthcare service suppliers and state-level well being programs that have been impacted by the cyberattack on the HealthEC tech options supplier.
Some main organizations listed within the discover embrace Corewell Well being, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, the College Medical Heart of Princeton Physicians’ Group, and the Alliance for Built-in Care of New York.
