A US healthcare company reveals that a data breach has affected millions of patients
Healthcare technology company HealthEC has confirmed that it suffered a data breach in the summer of 2023, losing sensitive data of 4.5 million people, customers of its customers.
In a report filed with the Maine attorney general's office, the company said the attack occurred between July 14 and July 23 last year, and that hackers stole names and other personal identifying information.
However, BleepingComputer reports that the attackers stole names, mailing addresses, dates of birth, social security numbers, taxpayer identification numbers, medical record numbers, medical information (diagnosis, diagnosis code, mental/physical condition, prescription information, and healthcare provider's name and location), health insurance information (beneficiary number, subscriber number, Medicaid/Medicare identification) and billing and claims information (patient account number, patient identification number, and treatment cost information), indicating a victim published notice.
Well over a dozen victims
As HealthEC's customer data was stolen, several companies were affected by the incident. Some of the companies mentioned in the notice include Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, Princeton University Medical Center Physicians' Organization and the Alliance for Integrated Care of New York.
As an example, MD Valuecare was reported to have 112,005 patients with stolen information.
“In general, individuals should remain vigilant against incidents of identity theft and fraud by reviewing account statements, providing explanations of benefit statements, and monitoring free credit reports for suspicious activity and to detect errors,” HealthEC said in its notice. The company added that “suspicious activity should be immediately reported to relevant parties, including an insurance company, healthcare provider and/or financial institution.”
Patients should use extra caution when receiving email messages and other communications from people claiming to be employees of any of these companies.
HealthEC is developing a population health management (PHM) platform used by several healthcare companies for data analytics, compliance, reporting and more.