Top US healthcare firm reveals data breach affected millions of patients

Image Credit: Pixabay (Image credit: Image Credit: Pixabay)

Healthcare tech firm HealthEC has confirmed it suffered a data breach in the summer of 2023 during which it lost sensitive data belonging to 4.5 million people, customers of its clients.

In a report filed with Maine's Attorney General's office, the company said the attack happened between July 14 and July 23 last year, and that hackers stole names and other personal identifiers.

However, BleepingComputer reports that the attackers stole people’s names, postal addresses, birth dates, Social Security Numbers, Taxpayer Identification Numbers, medical record numbers, medical information (diagnosis, diagnosis code, mental/physical condition, prescription information, and provider's name and location), health insurance information (beneficiary number, subscriber number, Medicaid/Medicare identification), and billing and claims information (patient account number, patient identification number, and treatment cost information), citing a notification published by a victim.

More than a dozen victims

As the data was stolen from HealthEC’s clients, multiple firms were affected by the incident. Some of the firms listed in the notice are Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, the University Medical Center of Princeton Physicians' Organization, and the Alliance for Integrated Care of New York.

As an example, it was reported that MD Valuecare has 112,005 patients with stolen information.

"In general, individuals should remain vigilant against incidents of identity theft and fraud by reviewing account statements, explanation of benefits statements, and monitoring free credit reports for suspicious activity and to detect errors," HealthEC said in its notification. The company added that "suspicious activity should be promptly reported to relevant parties including an insurance company, health care provider, and/or financial institution."

Patients should exercise extra caution when receiving email messages and other communication from people claiming to be employees of any of these firms.

HealthEC develops a population health management platform (PHM) used by various healthcare firms for data analytics, compliance, reporting, and more.

More from TechRadar Pro

23andMe hackers accessed a whole lot of user's personal data
Here's a list of the best firewalls today
These are the best endpoint protection services right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.