Heimdal
article featured image

Contents:

HealthEC LLC, a leading provider in health management solutions, experienced a significant data breach, impacting approximately 4.5 million individuals. This incident affected patients who received care through one of HealthEC’s client organizations.

The company’s population health management platform, used by numerous healthcare organizations, integrates various aspects of patient data, including analytics, care coordination, and compliance.

Details of the Cyberattack

The breach occurred between July 14 and 23, 2023, with unauthorized access to HealthEC’s systems being detected. Upon investigation, which concluded on October 24, 2023, it was discovered that the attacker extracted sensitive files.

The compromised data includes:

  • Name
  • Address
  • Date of birth
  • Social Security number
  • Taxpayer Identification Number
  • Medical Record number
  • Medical information (diagnosis, diagnosis code, mental/physical condition, prescription information, and provider’s name and location)
  • Health insurance information (beneficiary number, subscriber number, Medicaid/Medicare identification)
  • Billing and claims information (patient account number, patient identification number, and treatment cost information)

The breach has impacted several prominent healthcare providers and state-level health systems, including:

  • Corewell Health, HonorHealth
  • University Medical Center of Princeton Physicians’ Organization
  • Community Health Care Systems
  • State of Tennessee
  • Division of TennCare
  • Beaumont ACO
  • KidneyLink
  • Alliance for Integrated Care of New York, LLC
  • Compassion Health Care
  • Metro Community Health Centers
  • Advantage Care Diagnostic & Treatment Center,
  • Inc., Long Island Select Healthcare
  • Mid Florida Hematology & Oncology Centers P.A
  • d/b/a Mid-Florida Cancer Centers
  • Illinois Heath Practice Alliance, LLC
  • East Georgia Healthcare Center
  • Hudson Valley Regional Community Health Centers
  • and Upstate Family Health Center, Inc.

Impact and Response

HealthEC’s breach notification urges individuals to remain vigilant against identity theft and fraud. The company suggests regular monitoring of credit reports and financial statements for any unusual activities.

In general, individuals should remain vigilant against incidents of identity theft and fraud by reviewing account statements, explanation of benefits statements, and monitoring free credit reports for suspicious activity and to detect errors.

Suspicious activity should be promptly reported to relevant parties including an insurance company, health care provider, and/or financial institution.

HealthEC’s Notice (Source)

The initial disclosure did not reveal the extent of the impact, but recent updates from the U.S. Department of Health and Human Services’ breach portal indicate that over 4.5 million individuals are affected, explains Bleeping Computer.

Growing Cybersecurity Challenges in Healthcare

This data breach at HealthEC is part of a rising trend of cyberattacks in the healthcare industry. It highlights the growing concerns over the safety of patient information and emphasizes the need for stronger security measures in the healthcare sector.

If you’re interested in understanding how to better protect healthcare institutions, you can gain valuable insights from this article: Best Practices for Endpoint Security in Healthcare Institutions. This resource delves into effective cybersecurity strategies tailored for the healthcare industry.

If you’re looking for a endpoint security suite that covers multiple attack surfaces, such as: DNS security, next-gen antivirus, firewall, mobile device management, ransomware encryption protection, vulnerability management, privileged access management, and application control, book a demo with us.

Heimdal Official Logo
Simple standalone security solutions are no longer enough.
Is an innovative and enhanced multi-layered EDR security approach to organizational defense.
  • Next-gen Antivirus & Firewall which stops known threats;
  • DNS traffic filter which stops unknown threats;
  • Automatic patches for your software and apps with no interruptions;
  • Privileged Access Management and Application Control, all in one unified dashboard
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

If you liked this piece, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE