HQ/EMEAFind out how we can help your business
HealthEC LLC, one of the leading providers of health management solutions, revealed that it suffered a significant data breach that could compromise a staggering 4.5 million patients. Based on reports, the affected company identified the unauthorised access last year and executed an investigation before revealing it to the public.
HealthEC offers a Population Health Management (PHM) platform, a comprehensive solution involving data integration, analytics, care coordination, patient engagement, compliance, and reporting for healthcare organisations. The breach resulted in unauthorised access to the company’s systems, prompting an investigation that concluded on October 24, 2023.
The attacker of HealthEC LLC harvested various sensitive data.
The intruder on HealthEC LLC allegedly stole sensitive information from the breached systems, such as names, addresses, dates of birth, Social Security numbers, Taxpayer Identification Numbers, medical record numbers, and extensive medical information such as diagnosis, prescription details, and provider data.
In addition, the attack has also compromised sensitive details, including health insurance details, billing, claims information, patient account numbers and treatment costs.
In its official notification, HealthEC urged affected individuals to stay vigilant against fraud and identity theft. The company recommended that relevant parties review their account statements, explain benefits statements, and monitor free credit reports for suspicious activity. Hence, they should promptly report any unauthorised activity to authorities, including insurance companies, healthcare providers, and financial institutions.
HealthEC initially downplayed the extent of the breach after reporting to the Maine Attorney General’s office, stating that the attack only impacted 112,005 individuals from MD Valuecare, one of HealthEC’s clients.
However, the latest information from the breach portal of the US Department of Health and Human Services reveals that there are 4,452,782 individuals affected by the breach, involving 17 healthcare service providers and state-level health systems.
The confirmed affected organisations of the breach are prominent names like Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, University Medical Center of Princeton Physicians’ Organization, and the Alliance for Integrated Care of New York.
The severity of the breach has raised concerns about the cybersecurity measures within the HealthEC. Therefore, healthcare organisations should improve their defences by placing robust security protocols that could protect patient data in an increasingly sophisticated digital era.
