Corewell Health reports second third party data breach in the span of one month

Corewell Health, Michigan's largest health system, has reported another data breach affecting over a million residents. The most recent breach involves HealthEC LLC, a population health management platform serving Corewell Health in Southeast Michigan. The specifics of the breach's timing are unclear, but affected patients were notified via mail on December 22.

The compromised data includes a wide range of personal and medical information, such as:

• names,
• addresses,
• Social Security numbers,
• medical records,
• diagnoses,
• insurance details,
• billing information.

No details are disclosed about the nature of the breach.

HealthEC is offering 12 months of credit monitoring and identity protection services to impacted individuals.

Previously, at the end of November, Corewell Health reported another breach involving Welltok, Inc., a software company and portal used by Corewell Health and Priority Health. This earlier breach, allowed unauthorized access to Welltok's MOVEit Transfer server, leading to data exfiltration.