HealthEC LLC health tech reports data breach, exposing 4.5 million patients

HealthEC LLC, a company specializing in health management solutions, is reporting a significant data breach impacting about 4.5 million patients who received care through its client organizations. HealthEC offers a health management platform used by healthcare entities for various functions including data integration, analytics, and patient engagement.

The breach occurred over a period from July 14 to July 23, 2023, resulting in unauthorized access to HealthEC's systems. After a horough investigation, the extent of the breach was determined by October 24, 2023.

The intruder managed to steal files containing a wide range of personal and sensitive information, including:

• names,
• addresses,
• dates of birth,
• Social Security numbers,
• taxpayer identification numbers,
• medical records,
• detailed medical information (such as diagnoses, conditions, prescriptions, provider details),
• health insurance details (including beneficiary and subscriber numbers, Medicaid/Medicare identification),
• billing and claims data.

The nature of the attack is not disclosed.

HealthEC's notification to the affected individuals stressed the importance of remaining vigilant against identity theft and fraud. They recommended regularly reviewing account statements and monitoring credit reports for any suspicious activities or errors. The notification also advised promptly reporting any unusual activities to relevant entities like insurance companies, healthcare providers, or financial institutions.

A total of 4,452,782 individuals were affected. The breach had widespread implications, impacting 17 healthcare service providers and state-level health systems, including notable organizations such as Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, the University Medical Center of Princeton Physicians' Organization, and the Alliance for Integrated Care of New York.