HealthEC is a Corewell Health vendor providing services to “identify high-risk patients, close gaps in care and recognize barriers to optimal care.” Notice letters were mailed to impacted persons by HealthEC on December 22, 2023. While not all persons have the same impacted data, the impacted data can include: name; address; date of birth; Social Security number; medical record number; medical information, such as diagnosis, diagnosis code, mental/physical condition, prescription information, and provider’s name; health insurance information, including beneficiary number, subscriber number, Medicaid and/or Medicare identification number; billing and claims information, including patient account number, patient identification number, and treatment cost information.
“Health information is some of the most personal information we have,” said Michigan Attorney General Dana Nessel. “Michigan residents have been subjected to a surge of healthcare-related data breaches and deserve robust protection. It is critical that the Michigan legislature join the many other states that require companies who experience a data breach to immediately inform the Department of Attorney General.”
Corewell Health contacted the Department of Attorney General ahead of their public announcement about this most recent breach; however, that is not currently required by Michigan law. The Department often learns about data breaches through media reports.
HealthEC is offering 12 months of credit monitoring and identity protection services through TransUnion. Information on how to enroll will be mailed directly to potentially impacted patients. For additional information, consumers can call 1-833-466-9216 toll-free.
A smaller number of individuals were also impacted through Beaumont ACO. Beaumont ACO has a separate contract with HealthEC. Because of this, two separate patient notices are going out, and impacted individuals may receive two notice letters. Corewell Health has advised that impacted data is the same for both Beaumont ACO and Corewell Health.
“Some Corewell patients may receive two letters due to the impact of this breach, which may cause confusion,” Nessel added. “Irrespective of how or when you’ve been impacted by a security breach, my Department stands ready to help Michigan residents protect their identities and personal information.”
To file a complaint with the Attorney General, or get additional information, contact:
|