In July 2023, HealthEC LLC, a key player in health management solutions, experienced a significant data breach impacting roughly 4.5 million individuals. The breach happened between July 14 and July 23 and exposed a vast array of sensitive data.
Compromised information included personal identifiers like names and Social Security Numbers (SSNs), as well as detailed medical records, diagnoses, and insurance information. The breach affected several healthcare providers and state health systems, notably including Corewell Health and the State of Tennessee’s Division of TennCare.
Stay One Step Ahead of Cyber Threats
Responding to the crisis, HealthEC notified clients and affected individuals on October 26, with formal notifications sent out starting December 22, 2023. They reported the breach to the Department of Health and Human Services’ Office for Civil Rights in line with regulatory requirements.
To mitigate the damage and prevent future incidents, HealthEC enhanced its security measures and offered complimentary credit monitoring to those impacted. The company also advised individuals to monitor their credit reports and account statements closely for signs of identity theft or fraud.
The Michigan Attorney General, among others, has called for stricter legislation mandating prompt notifications in the event of data breaches.
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional