HealthEC LLC, a New Jersey-based provider of health management solutions, has suffered a major data breach that exposed personally identifiable information of individuals who received care through one of the company’s customers. The HealthEC Data Breach has compromised the records of some 4.5 million individuals in total.
HealthEC Data Breach – What Happened?
On December 22, HealthEC made a public announcement regarding a data breach that occurred between July 14 and 23, 2023. During this breach, unauthorized individuals gained access to some of HealthEC’s systems.
In their breach notice, HealthEC explains that they detected suspicious activity on their network in July. Upon conducting an investigation, which concluded on October 24, it was determined that certain files were copied from the network between July 14 and July 23.
The threat actors involved in the HealthEC LLC Cyberattack accessed information includes names, addresses, dates of birth, Social Security numbers, taxpayer identification numbers, medical record numbers, medical information, health insurance information, and billing and claims data.
At the time of the cyber attack on HealthEC LLC, the firm did not provide specific details on the number of individuals affected. However, a submission to Maine’s Attorney General’s office regarding one of their clients, MD Valuecare, indicated that 112,005 individuals were impacted.
New Listing for HealthEC Data Breach on Breach Portal Reveals 4.5 Million Affected Individuals
Recently, a new listing for HealthEC LLC cyber attack appeared on the U.S. Department of Health and Human Services’ breach portal, revealing the broader scope of the incident. It states that a total of 4,452,782 individuals have been affected.
The cyberattack on HealthEC’s tech solutions provider has impacted 17 healthcare service providers and state-level health systems.
The stolen data also includes information from several business partners, such as Advantage Care Diagnostic & Treatment Center Inc., Alliance for Integrated Care of New York LLC, Beaumont ACO, Community Health Care Systems, Compassion Health Care, Corewell Health, HonorHealth, KidneyLink, Metro Community Health Centers, State of Tennessee Division of TennCare, University Medical Center of Princeton Physicians’ Organization, and various others.
While HealthEC did not provide specific details about the form of the attack, they have taken immediate action to secure their network. They have also notified the affected business partners and involved federal law enforcement in the matter. At this time, no ransomware gang has claimed responsibility for the attack, and there is currently no evidence to suggest that it was a ransomware attack.
“In general, individuals should remain vigilant against incidents of identity theft and fraud by reviewing account statements, explanation of benefits statements, and monitoring free credit reports for suspicious activity and to detect errors,”
Reads HealthEC’s notification.
The firm recommends that:
“suspicious activity should be promptly reported to relevant parties including an insurance company, health care provider, and/or financial institution.”
