LANSING, Mich. (WXYZ) — A second data breach has exposed the information of more than 1 million Corewell Health patients in Michigan.
Michigan Attorney General Dana Nessel confirmed a breach at HealthEC, a vendor that provides services to Corewell's Southeast Michigan properties.
Impacted data can include names, addresses, Social Security numbers, billing information, and other personal information. Notice letters were mailed to those impacted on Dec. 22.
“Health information is some of the most personal information we have,” Nessel said in a statement. “Michigan residents have been subjected to a surge of healthcare-related data breaches and deserve robust protection. It is critical that the Michigan legislature join the many other states that require companies who experience a data breach to immediately inform the Department of Attorney General.”
Last month, Corewell announced a data breach at Welltok, a company that provides communications services. That breach also impacted 1 million patients.
Some patients at Beaumont ACO were also impacted.
“Some Corewell patients may receive two letters due to the impact of this breach, which may cause confusion,” Nessel said. “Irrespective of how or when you’ve been impacted by a security breach, my Department stands ready to help Michigan residents protect their identities and personal information.”
FOX 17 reached out to Corewell Health to find out how the company was working to protect against future attacks. The company released this statement:
The privacy of our patients is a top concern. We recently learned our vendor, HealthEC, LLC, was affected by a cyberattack that involved more than 15 organizations earlier this year. HealthEC is communicating directly with individuals whose data was affected by the attack, and credit monitoring is available to all impacted people.
You can read more about the incident here.
—Corewell Health
When FOX 17 asked Corewell about any steps being taken to protect patient information on a company level, representatives told us they "regularly review [their] relationships with vendors and their data security practices."
Credit monitoring and identity protection services are being offered to people impacted. You can find more information on HealthEC’s website or by calling 1-833-466-9216.