Michigan – A Michigan healthcare system faced its second cyberattack this year, impacting over a million patients, state representatives report.
On Tuesday, Michigan’s Attorney General Dana Nessel revealed a data breach at HealthEC, a company working with Corewell Health in southeast Michigan. This incident leaked patients’ personal and health details.
HealthEC’s role involves pinpointing patients at high risk, bridging healthcare gaps, and identifying obstacles to ideal healthcare, as per their statement.
The exact nature of the leaked data remains unknown, but it might include names, addresses, birthdates, Social Security numbers, medical conditions, mental and physical health status, insurance details, treatment costs, and billing and claims data, the statement noted.
Check also: Tribe living in Michigan to benefit of recent bill supported by both parties
Notices were sent on December 22 to those affected by this breach, as confirmed by Nessel’s office.
“Health information is some of the most personal information we have,” Nessel said in a statement. “Michigan residents have been subjected to a surge of healthcare-related data breaches and deserve robust protection. It is critical that the Michigan legislature join the many other states that require companies who experience a data breach to immediately inform the Department of Attorney General.”
Corewell Health informed the attorney general’s office prior to publicly announcing the breach.
Last month, Corewell Health shared news of a data breach at their partner Welltok, leading to the exposure of similar personal and health information. This breach affected over a million patients.
Nessel’s office advises those impacted by the breach to take measures like changing passwords, informing their banks or credit unions, and possibly placing a fraud alert on their credit records to guard against identity theft.
Check also: Atwood Stadium in Flint, MI
Growing number of incidents of this kind recently nationwideÂ
This incident is part of a growing trend of cyberattacks and data breaches targeting U.S. healthcare systems.
In Oklahoma, Integris Health, which operates hospitals and clinics statewide, reported a data breach in late November, as local media states. This breach involved unauthorized access to their data.
On Christmas Eve, the health system revealed that patients were getting messages from a group claiming to be behind the data breach. This group threatened to publish the data on the dark web unless they were paid.
Capital Health, which manages hospitals in Trenton and Pennington and primary care centers throughout New Jersey, announced last month that it was dealing with network disruptions. They suspect a “cybersecurity incident” but aren’t sure if any personal data was compromised.
Moreover, hospitals operated by Ardent Health Services, including two in New Jersey, had to redirect ambulances and cancel some non-urgent procedures following the discovery of a ransomware attack on Thanksgiving Day.