Rewterz Threat Update – 4.5 Million Patients Impacted Due to Healthcare Tech Company Data Breach

Severity

High

Analysis Summary

A health management solutions provider, HealthEC LLC, recently suffered a data breach that has impacted almost 4.5 million patients who received healthcare from one of the company’s customers. On 22^nd December 2023, the company reported a data breach on July 14 and 23, resulting in unauthorized access to some of its systems.

HealthEC is responsible for providing services through a population health management (PHM) platform that is used by healthcare organizations for data analytics, integration, patient engagement, care coordination, reporting, and compliance. The investigation of the incident was concluded on 24^th October, revealing that the threat actor managed to steal sensitive files from the impacted systems of the following data types:

• Name
• Address
• Date of birth
• Social Security number
• Taxpayer Identification Number
• Medical Record number
• Medical information (diagnosis, diagnosis code, mental/physical condition, prescription information, and provider’s name and location)
• Health insurance information (beneficiary number, subscriber number, Medicaid/Medicare identification)
• Billing and claims information (patient account number, patient identification number, and treatment cost information)

The notification sent out by HealthEC warns that the affected individuals need to stay vigilant about possible incidents of identity theft and fraud by explaining benefits statements, reviewing account statements, and monitoring free credit reports for detecting errors and any suspicious activities. It is recommended to promptly report any suspicious activity to the relevant authorities and parties like healthcare providers, insurance companies, and financial institutions.

HealthEC didn’t specify the number of people who were impacted at the time of the cyberattack. Still, one of the firm’s clients received a report showing the individuals of just one company affected by the breach to be 112,005. The latest listing that has been uploaded to the breach portal of the U.S. Department of Health and Human Services shows the total number of affected people is 4,452,782.

There are a total of 17 healthcare organizations and state-level health systems that were impacted by the data breach in the systems of the HealthEC tech solutions provider. Some of the notable organizations listed in the notice are HonorHealth, Corewell Health, State of Tennessee – Division of TennCare, Beaumont ACO, Alliance for Integrated Care of New York, and the University Medical Center of Princeton Physicians’ Organization.

Impact

• Identity Theft
• Unauthorized Access
• Sensitive Information Theft

Remediation

• Impacted individuals need to stay vigilant about possible incidents of identity theft and fraud, and promptly report any suspicious activity to the relevant authorities.
• Implement multi-factor authentication (MFA) on all accounts to add an extra layer of security to login processes.
• Consider the use of phishing-resistant authenticators to further enhance security. These types of authenticators are designed to resist phishing attempts and provide additional protection against social engineering attacks.
• Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
• Organizations need to stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
• Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
• Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
• Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
• Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
• Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
• Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.
• Never trust or open links and attachments received from unknown sources/senders.