Corewell Health had two data breaches in two months, over one million patients affected

Over one million Michigan residents have been affected by a second Corewell Health cybersecurity breach, releasing personal confidential information. 

The cybersecurity breach occurred at HealthEC, LLC., a population health management platform that provides services to Corewell Health.

Michigan Attorney General Dana Nessel confirmed the breach, Tuesday, saying that letters were sent out on December 22 to patients affected by the breach, and some may be receiving two letters. 

Corewell Health, formerly known as Spectrum Health, had a similar breach last month, leaking the private information of almost one million people. 

Information in these leaks can include name, address, date of birth, Social Security number, medical record number, medical information, such as diagnosis, diagnosis code, mental/physical condition, prescription information, and provider’s name, health insurance information, including beneficiary number, subscriber number, Medicaid and/or Medicare identification number, billing and claims information, including patient account number, patient identification number, and treatment cost information.

Attorney General Nessel calls for Michigan legislature to address the surge of healthcare related data breaches and to better protect the personal information of Michigan citizens. 

"It is critical that the Michigan legislature join the many other states that require companies who experience a data breach to immediately inform the Department of Attorney General," Nessel said in a press release. 

Corewell Health had contacted the Department of the Attorney General prior to the public announcement of leaked information, something they were not required to do. 

Currently, HealthEC is offering 12 months of credit monitoring and identity protection services through TransUnion.

Those affected can find information more by calling (833) 466-9216.