Security Affairs
U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

HealthEC data breach impacted more than 4.5 Million people

Healthcare technology company HealthEC disclosed a data breach that exposed the personal information of 4.5 million Individuals. Healthcare technology company HealthEC (HEC) disclosed a data breach that impacted 4.5 million customers of its business partners. HealthEC is a healthcare technology company that provides solutions for care coordination, population health management, and value-based care. The company’s […]

Xsolis

Healthcare technology company HealthEC disclosed a data breach that exposed the personal information of 4.5 million Individuals.

Healthcare technology company HealthEC (HEC) disclosed a data breach that impacted 4.5 million customers of its business partners.

HealthEC is a healthcare technology company that provides solutions for care coordination, population health management, and value-based care. The company’s platform is designed to help healthcare organizations, providers, and payers improve patient outcomes, enhance care coordination, and manage population health effectively.

HEC discovered that an unknown actor gained access to some of its systems between July 14, 2023 and July 23, 2023, and copied some files. The files contained information belonging to some of HEC’s clients. The healthcare firm began notifying impacted clients on October 26, 2023, and worked with them to notify potentially impacted individuals.

The types of information vary by individual but includes name, address, date of birth, Social Security number, Taxpayer Identification number, Medical Record number, Medical information (including but not limited to Diagnosis, Diagnosis Code, Mental/Physical Condition, Prescription information, and provider’s name and location), Health insurance information (including but not limited to beneficiary number, subscriber number, Medicaid/Medicare identification), and/or Billing and Claims information (including but not limited to patient account number, patient identification number, and treatment cost information).

“HealthEC’s impacted business partners include Corewell Health, HonorHealth, University Medical Center of Princeton Physicians’ Organization, Community Health Care Systems, State of Tennessee, Division of TennCare, Beaumont ACO, KidneyLink, Alliance for Integrated Care of New York, LLC, Compassion Health Care, Metro Community Health Centers, Advantage Care Diagnostic & Treatment Center, Inc., Long Island Select Healthcare, Mid Florida Hematology & Oncology Centers, P.A, d/b/a Mid-Florida Cancer Centers, Illinois Heath Practice Alliance, LLC, East Georgia Healthcare Center, Hudson Valley Regional Community Health Centers, and Upstate Family Health Center, Inc.” reads a notice published by the company on its website.

According to the data breach notification sent to the US Department of Health and Human Services on December 21, 2023, the number of impacted individuals is 4.452.782.

Health EC is recommending that impacted individuals remain vigilant against possible identity theft and fraud attacks. The company suggests reviewing account and benefits statements, explanation of benefits statements, and monitoring free credit reports for suspicious activity and detecting errors.

“Suspicious activity should be promptly reported to relevant parties including an insurance company, health care provider, and/or financial institution.” concludes the notice.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Artificial Intelligence)