Skip to main content
Medical Record

HealthEC Data Breach Investigation | Corewell Health

Written by Joseph Lyon on . Posted in Data Breach, Litigation Update.

The Lyon Firm is investigating data breach claims impacting more than one million Corewell Health, Beaumont ACO or MD Valuecare patients. The breach allegedly stems from an attack on HealthEC, a third party that provides Corewell Health with a population health management platform used to identify high-risk patients.

What Happened at HealthEC?

The Michigan Attorney General’s Office has announced that the protected health information of as many as a million patients had been compromised in a cyberattack on HealthEC.

The company explains in data breach notification letters that suspicious activity was identified within its network between July 14, 2023, and July 23, 2023. Files containing protected health information were allegedly removed from its systems during this time frame.

According to HealthEC, the following types of personal information were compromised: names, addresses, dates of birth, Social Security numbers, medical record numbers, diagnoses and diagnosis codes, mental/physical condition, prescription information, providers’ names, beneficiary numbers, subscriber numbers, Medicaid/Medicare identification numbers, patient account numbers, patient identification numbers, and treatment cost information.

Another HealthEC client known to have been impacted by the attack is Beaumont ACO in Michigan. Individuals may receive notification letters related to this incident from both providers if they have received services from both Corewell Health and Beaumont ACO.

The unauthorized party also copied confidential information belonging to MD Valuecare customers, including their names, dates of birth, medical information, and health insurance information.

This is the second data breach to impact Corewell Health patients this year. This more recent breach is separate from the Welltok breach that originated from the MOVEit ransomware attack.

If you receive a data breach notification from Corewell, HealthEC or MD Valuecare, it is important to understand the risks of medical identity theft and fraud. A data breach lawyer can help you learn more about how to protect yourself and take the next steps toward filing a class action claim.