A stethoscope sits on top of a laptop computer, implying a potential data breach.

Imagine waking up one day to find out that your personal information, including your medical records, has been exposed in a data breach. That’s the reality for nearly 4.5 million individuals who received care through HealthEC LLC, a provider of health management solutions.

HealthEC offers a population health management (PHM) platform used by healthcare organizations for data integration, analytics, care coordination, patient engagement, compliance, and reporting. However, between July 14 and 23, 2023, the company experienced a data breach resulting in unauthorized access to some of its systems.

What was stolen in the breach?

After concluding an investigation on October 24, 2023, it was discovered that the intruder had stolen files containing:

  • Name
  • Address
  • Date of birth
  • Social Security number
  • Taxpayer Identification Number
  • Medical Record number
  • Medical information (diagnosis, diagnosis code, mental/physical condition, prescription information, and provider’s name and location)
  • Health insurance information (beneficiary number, subscriber number, Medicaid/Medicare identification)
  • Billing and claims information (patient account number, patient identification number, and treatment cost information)

According to HealthEC’s notification, individuals should remain vigilant against identity theft and fraud by reviewing account statements, explanation of benefits statements, and monitoring free credit reports. They recommend reporting any suspicious activity to relevant parties, such as insurance companies, healthcare providers, or financial institutions.

How many people were affected?

At first, the number of people impacted by the breach was unclear. However, a recent submission to Maine’s Attorney General’s office revealed that just one of HealthEC’s clients, MD Valuecare, had 112,005 affected individuals. The total number of affected individuals across all clients was later reported to be 4,452,782.

There were 17 healthcare service providers and state-level health systems impacted by the cyberattack on HealthEC. Some major organizations listed in the notice include Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, the University Medical Center of Princeton Physicians’ Organization, and the Alliance for Integrated Care of New York.

Take action to protect your business

As a business owner, it’s essential to understand that cybersecurity breaches can happen to any organization, regardless of size or industry. Protecting your customers’ information is not just a matter of good business practice; it’s your responsibility.

If you’re concerned about your company’s cybersecurity posture, it’s time to take action. Reach out to us at ZZ Servers, and let our team of experts help you secure your business and safeguard your customers’ data. Don’t wait until a breach happens; be proactive and protect your business today.