A data breach at Corewell Health has reportedly affected more than one million Michigan residents.
The names, dates of birth, email addresses, phone numbers, medical diagnoses, health insurance information and Social Security numbers for about one million Corewell Health patients were compromised in the breach. In addition, the names, addresses and health insurance identification numbers of 2,500 users of the healthy lifestyle portal for Priority Health, an insurance plan owned by Corewell, were also compromised, according to a statement from the health system earlier this month. In total, the breach affected nearly 8.5 people nationally.
The attack, which occurred on May 30, exploited software vulnerabilities on the MOVEit Transfer server owned by the parent company of Welltok, Inc., the software company contracted to provide communications services to Corewell Health’s southeastern Michigan properties.
According to the HIPAA Journal, this cyberattack marks the fourth-largest healthcare data breach in the U.S. this year. The U.S. Department of Health and Human Services reported that data breaches among healthcare organizations more than doubled from 2019 to 2021. In 2022, at least 28.5 million healthcare records were breached nationwide.
Welltok is sending a notice to any affected patients whose address they have on file, but anyone who believes they may have been affected can call the Welltok dedicated assistance line at 800-628-2141.
You can also submit a complaint to the Michigan Attorney General’s Consumer Protection Team here.
