Nearly 4.5M hit by HealthEC data breach

New Jersey-based population health management software firm HealthEC had personal and health information from almost 4.5 million individuals following a data breach in July, reports SiliconAngle. Attackers were able to infiltrate HealthEC's network from July 14 to 23, enabling exfiltration of names, birthdates, addresses, Social Security numbers, and taxpayer identification numbers, as well as medical data, medical record numbers, health insurance details, and claims information from patients served by Corewell Health, KidneyLink, Beaumont ACO, HonorHealth, and other healthcare providers across the U.S., said HealthEC in a breach notice on its website. No further details regarding the intrusion, which has not yet been credited to any ransomware gang, have been provided but HealthEC emphasized that it has already bolstered its network defenses. The incident highlights the importance of a "threat-informed defense strategy" among organizations working with sensitive data, according to AttackIQ Adversary Research Team Chapter Lead Andrew Costis. Meanwhile, Swimlane Lead Security Automation Architect Nick Tausek urged the prioritization of threat detection and response in health organizations.