In November, Corewell Health announced a data breach at Welltok, Inc., a software company contracted by Corewell to provide communication services. That breach impacted one million patients.
Late last week, Corewell announced a second data breach from another vendor, HealthEC, a population health management platform, exposing the info of more than one million Michigan residents. Notice letters were sent out to impacted persons by HealthEC on December 22. While not all residents have the same impacted data, it can include social security numbers, billing information and medical diagnoses.
Corewell is not the only Michigan-based healthcare provider experiencing data breaches. Earlier this year, McLaren Health Care notified residents of a ransomware attack affecting 2.5 million patients, and in August, University of Michigan dealt with its own cyberattack.
In a statement to WGVU, Corewell Health said, quote:
“The privacy of our patients is a top concern. We recently learned our vendor, HealthEC, LLC, was affected by a cyberattack that involved more than 15 organizations earlier this year. HealthEC is communicating directly with individuals whose data was affected by the attack, and credit monitoring is available to all impacted people.” End quote.