HealthEC LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

HealthEC LLC, a New Jersey-based health technology company, experienced a significant data breach that affected approximately 4.4 million individuals. The breach was first reported to the Office of the Maine Attorney General on December 21, 2023, and later to the U.S. Department of Health and Human Services Office for Civil Rights[1][7].

The unauthorized access to HealthEC’s computer systems occurred between July 14 and July 23, 2023. During this period, cyber attackers were able to copy sensitive personal and health information of patients whose healthcare providers had provided this data to HealthEC[3][7]. The compromised data included names, addresses, dates of birth, Social Security numbers, taxpayer ID numbers, health insurance information (including subscriber numbers and Medicare and Medicaid IDs), benefits and claims information, medical record numbers, and medical records (including diagnoses, mental and physical conditions, drug prescriptions, and provider information)[1][3].

HealthEC began notifying impacted patients on or around December 22, 2023, which may have been in violation of state and federal laws due to the delay in communication[3]. The breach has led to multiple class action lawsuits being filed against HealthEC LLC[11].

The company has since secured its network, notified affected business partners, and advised federal law enforcement of the breach. HealthEC is also reviewing its existing policies and procedures relating to the information it holds[7]. Affected individuals have been advised to review their account statements for suspicious activity, request a free credit report, place a fraud alert on their credit file, and report any suspicious activities to relevant parties[7].

HealthEC LLC is a software company that provides a single-platform solution designed to facilitate personalized healthcare by identifying high-risk patients, closing care gaps, and recognizing barriers to optimal care. The platform is used by over 1 million healthcare professionals in 18 states[1][5].

Citations:

  1. https://www.jdsupra.com/legalnews/update-victim-count-in-healthec-data-3768523/
  2. https://www.everydayhealth.com
  3. https://www.prnewswire.com/news-releases/privacy-alert-healthec-under-investigation-for-data-breach-of-4-5-million-patient-records-302032096.html
  4. https://www.healthline.com
  5. https://www.jdsupra.com/legalnews/healthec-notifies-md-valuecare-patients-4086395/
  6. https://www.iqvia.com
  7. https://www.infosecurity-magazine.com/news/healthec-breach-millions-patients/
  8. https://nyulangone.org
  9. https://siliconangle.com/2024/01/03/population-health-software-company-healthec-suffers-major-data-breach/
  10. https://www.henryford.com
  11. https://www.hipaajournal.com/healthec-data-breach/
  12. https://www.nih.gov
  13. https://cybernews.com/news/healthec-breach-4-million-compromised/
  14. https://www.trinity-health.org
  15. https://www.myinjuryattorney.com/healthec-data-breach-class-action-investigation-and-lawsuit-assistance/
  16. https://uthscsa.edu
Breach Submission Date Dec 21, 2023
Converted Entity Name HealthEC LLC
Converted Entity Type Business Associate
State NJ
Individuals Affected 4,452,782
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes