Major Data Breach at HealthEC Affects Millions

HealthEC LLC, a leading provider in health management solutions, experienced a significant data breach, impacting approximately 4.5 million individuals. This incident affected patients who received care through one of HealthEC’s client organizations.

The company’s population health management platform, used by numerous healthcare organizations, integrates various aspects of patient data, including analytics, care coordination, and compliance.

Details of the Cyberattack

The breach occurred between July 14 and 23, 2023, with unauthorized access to HealthEC’s systems being detected. Upon investigation, which concluded on October 24, 2023, it was discovered that the attacker extracted sensitive files.

The compromised data includes:

• Name
• Address
• Date of birth
• Social Security number
• Taxpayer Identification Number
• Medical Record number
• Medical information (diagnosis, diagnosis code, mental/physical condition, prescription information, and provider’s name and location)
• Health insurance information (beneficiary number, subscriber number, Medicaid/Medicare identification)
• Billing and claims information (patient account number, patient identification number, and treatment cost information)

The breach has impacted several prominent healthcare providers and state-level health systems, including:

• Corewell Health, HonorHealth
• University Medical Center of Princeton Physicians’ Organization
• Community Health Care Systems
• State of Tennessee
• Division of TennCare
• Beaumont ACO
• KidneyLink
• Alliance for Integrated Care of New York, LLC
• Compassion Health Care
• Metro Community Health Centers
• Advantage Care Diagnostic & Treatment Center,
• Inc., Long Island Select Healthcare
• Mid Florida Hematology & Oncology Centers P.A
• d/b/a Mid-Florida Cancer Centers
• Illinois Heath Practice Alliance, LLC
• East Georgia Healthcare Center
• Hudson Valley Regional Community Health Centers
• and Upstate Family Health Center, Inc.

Impact and Response

HealthEC’s breach notification urges individuals to remain vigilant against identity theft and fraud. The company suggests regular monitoring of credit reports and financial statements for any unusual activities.

In general, individuals should remain vigilant against incidents of identity theft and fraud by reviewing account statements, explanation of benefits statements, and monitoring free credit reports for suspicious activity and to detect errors.

Suspicious activity should be promptly reported to relevant parties including an insurance company, health care provider, and/or financial institution.

HealthEC’s Notice (Source)

The initial disclosure did not reveal the extent of the impact, but recent updates from the U.S. Department of Health and Human Services’ breach portal indicate that over 4.5 million individuals are affected, explains Bleeping Computer.

Growing Cybersecurity Challenges in Healthcare

This data breach at HealthEC is part of a rising trend of cyberattacks in the healthcare industry. It highlights the growing concerns over the safety of patient information and emphasizes the need for stronger security measures in the healthcare sector.

If you’re interested in understanding how to better protect healthcare institutions, you can gain valuable insights from this article: Best Practices for Endpoint Security in Healthcare Institutions. This resource delves into effective cybersecurity strategies tailored for the healthcare industry.

If you’re looking for a endpoint security suite that covers multiple attack surfaces, such as: DNS security, next-gen antivirus, firewall, mobile device management, ransomware encryption protection, vulnerability management, privileged access management, and application control, book a demo with us.

If you liked this piece, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.