From tuxcare.com
The HealthEC Breach Details
The data breach, discovered on December 22, 2023, resulted in unauthorized access to HealthEC’s systems. By the time the inquiry was finished on October 24, 2023, it was clear that the hacker had accessed private data without authorization. The compromised data includes names, addresses, dates of birth, social security numbers, taxpayer identification numbers, medical records, and extensive healthcare-related details such as diagnoses, prescription information, and insurance details.
Impacted Individuals and Healthcare Organizations
Initially, HealthEC did not disclose the extent of the breach, but a report sent to the Attorney General’s office in Maine indicated that 112,005 individuals associated with MD Valuecare were affected. A subsequent disclosure on the breach portal of the U.S. Department of Health and Human Services painted a more comprehensive picture, revealing that a staggering 4,452,782 individuals were impacted. The breach had ramifications for 17 healthcare service providers and state-level health systems, including notable names like Corewell Health, HonorHealth, Beaumont ACO, State of Tennessee – Division of TennCare, University Medical Center of Princeton Physicians’ Organization, and the Alliance for Integrated Care of New York.
HealthEC has advised affected individuals to remain vigilant against identity theft and fraud. The company recommends regular review of account statements, explanation of benefits statements, and monitoring free credit reports for any suspicious activities or errors. Additionally, it is essential to promptly notify relevant parties—such as insurance companies, healthcare providers, and financial institutions—of any suspicious activity.