For the second time in just a few months, Corewell Health patients in Southeast Michigan may have had their medical information exposed in a data breach.
According to Attorney General Dana Nessel, this breach involves HealthEC, LLC., which is a population health management platform that provides services to Corewell Health.
HealthEC mailed impacted individuals notice letters on Dec. 22, 2023.
The information that may have been exposed includes names, addresses, dates of birth, Social Security numbers, medical record numbers, and other medical information such as diagnoses, diagnosis codes, mental/physical conditions, provider’s names, billing and claims information and more.
“Health information is some of the most personal information we have,” said Michigan Attorney General Dana Nessel. “Michigan residents have been subjected to a surge of healthcare-related data breaches and deserve robust protection. It is critical that the Michigan legislature join the many other states that require companies who experience a data breach to immediately inform the Department of Attorney General.”
This is the second time Corewell Health patients have had medical information exposed recently.
In November, a similar breach occurred but involved Welltok, Inc., a software company that provides communication services for Corewell Health.
Nessel said the health system contacted her about the recent breach with HealthEC, although this is not required by state law, and she often learns of data breaches through the media.
Due to the breach, HealthEC is offering 12 months of credit monitoring and identity protection services to patients through TransUnion.
For more information on how to enroll, patients can call 1-833-466-9216. Patients whose information was potentially exposed will be mailed information about registering.
In addition, according to Nessel, some patients were impacted through Beaumont ACO. Beaumont ACO and HealthEC work under a separate contract, so some patients may receive two notice letters about the data breach.