The Attorney General reports a second data breach that may impact thousands of patients of Corewell Health.
- Tuesday, December 26, Michigan Attorney General Dana Nessel announced that about one million Corewell Health patients in Michigan may have had their personal and medical information exposed.
This comes less than a month after a data breach of another Corewell Health vendor that also is believed to have exposed similar personal and medical information of about one million patients serviced by the health system.
In this latest breach, the compromised vendor, HealthEC, mailed letters on Dec. 22 to those impacted, Nessel said.
Information exposed may include: names, addresses, Social Security numbers, dates of birth, diagnoses, mental/physical conditions, prescription information, patient account numbers, health insurance information, treatment cost information, provider names and more.
Corewell formerly operated as Spectrum Health but changed its name to Corewell after it merged with Beaumont Health in 2022.
Nessel said her department often learns about data breaches through the media. Nessel wants state lawmakers to require companies to report data breaches to her office.
Nessel said this latest breach also impacted a smaller number of people through Beaumont ACO, which also uses HealthEC.
To those impacted, HealthEC is offering 12 months of credit monitoring and identity protection services through TransUnion. Information on how to enroll will be mailed directly to potentially impacted patients. People can also call 1-833-466-9216 for more information.
The first data breach of about 1 million Corewell Health patients in southeast Michigan was announced Dec. 1.
The breach occurred through Welltok Inc., which provides patient-communication services for Corewell Health on the southeast side of the state as well as a Priority Health healthy lifestyle portal for the health system’s health plan.