Third-party breach impacts nearly 1M Corewell Health patients

Michigan-based health system Corewell Health had almost 1 million patients' personal and medical data compromised following a breach of its vendor HealthEC, MLive reports. Attackers were able to exfiltrate individuals' names, birthdates, addresses, and Social Security numbers, as well as their patient account numbers, mental and physical conditions, diagnoses, prescription details, health insurance data, and other information as a result of the HealthEC breach, according to Michigan Attorney General Dana Nessel, who also noted that the HealthEC incident also impacted Beaumont ACO. Such a breach, which is the second third-party hack experienced by Corewell Health after being affected by the compromise of its patient-communication service provider Welltok, should prompt the passage of a state law mandating immediate breach notifications, noted Nessel. "It is critical that the Michigan Legislature join the many other states that require companies who experience a data breach to immediately inform the Department of Attorney General," Nessel said.