Michigan-based health system Corewell Health had almost 1 million patients' personal and medical data compromised following a breach of its vendor HealthEC, MLive reports.
Attackers were able to exfiltrate individuals' names, birthdates, addresses, and Social Security numbers, as well as their patient account numbers, mental and physical conditions, diagnoses, prescription details, health insurance data, and other information as a result of the HealthEC breach, according to Michigan Attorney General Dana Nessel, who also noted that the HealthEC incident also impacted Beaumont ACO.
Such a breach, which is the second third-party hack experienced by Corewell Health after being affected by the compromise of its patient-communication service provider Welltok, should prompt the passage of a state law mandating immediate breach notifications, noted Nessel.
"It is critical that the Michigan Legislature join the many other states that require companies who experience a data breach to immediately inform the Department of Attorney General," Nessel said.
The U.S. Federal Communications Commission imposed $196 million in total fines to AT&T, T-Mobile, and Verizon for engaging in the unlawful sale of customers' location information to data aggregators, reports The Record, a news site by cybersecurity firm Recorded Future.
BleepingComputer reports that U.S. nationally licensed debt collection agency Financial Business and Consumer Solutions had information from more than 1.95 million individuals across the country compromised following a data breach in February.
U.S. independent record label Empire Distribution, which has worked with Kendrick Lamar, Snoop Dogg, and 50 Cent, had its sensitive data exposed as a result of an environment file misconfiguration, Cybernews reports.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news