Corewell Health Vendor Breach Exposes Data of 19,000 Patients

Corewell Health, a Michigan-based healthcare provider, reports a data breach affecting approximately 19,000 patients following a security incident at its vendor, Pinnacle Holdings LTD. 

The breach was disclosed Pinnacle Holdings, a Colorado-based consulting firm, notified Corewell that an unauthorized actor gained access to its systems and acquired patient files in early 2026 after a review of a network disruption that occurred in late 2024. 

The incident took place between November 11 and November 25, 2024. Pinnacle Holdings discovered a network disruption on November 25, 2024, and started an investigation with third-party cybersecurity specialists. The investigation confirmed that the threat actor successfully stole data from the company's network during the two-week window.

The compromised data includes:

• Social Security numbers and taxpayer ID numbers
• Driver’s license, state ID, and passport numbers
• Financial account and payment card information
• Online account credentials and digital signatures
• Biometric data and dates of birth
• Medical records, diagnoses, and prescription information
• Health insurance policy and Medicare/Medicaid numbers
• Contact details including names, addresses, and phone numbers

The breach affected approximately 19,000 Corewell Health patients. 

Pinnacle Holdings notified law enforcement and says it has since added technical safeguards to secure its environment and prevent future disruptions. Affected individuals are getting notification letters and offers for free credit monitoring and identity protection services.

This incident follows two breaches at Corewell Health in late 2023 involving vendors Welltok and HealthEC.