Tag: Security

More than 1 million Corewell Health patients impacted by security breach

CBS News Detroit Digital Brief for Nov. 30, 2023


CBS News Detroit Digital Brief for Nov. 30, 2023

04:01

(CBS DETROIT) – The health information of about 1 million patients of Corewell Health in Southeast Michigan and about 2,500 Priority Health members were impacted due to a security breach at Welltok, Inc.

Welltok provides patient communication services for Corewell Health in Southeast Michigan a portal for Priority Health, the health system’s health plan, according to Corewell Health

Officials at Welltok said its system and security concerns are resolved and are not aware of any fraud or identity theft after the breach. 

The type of information includes:

  • Priority Health members: Name, address and health insurance identification number
  • Corewell Health patients: Name, date of birth, email address, phone number, diagnosis, health insurance information and Social Security number

“The privacy of our patients, health plan members and team members is a top concern. We recently learned our vendor, Welltok, Inc., was affected by the MOVEit cyberattack that involved more than 2,000 organizations earlier this year. Welltok is communicating directly with the individuals whose data was affected by the attack, and credit monitoring is available to all impacted people,” Corewell Health said in a statement.  

According to Welltok, the impacted individuals were from the following organizations: 

  • Asuris Northwest Health
  • BridgeSpan Health
  • Blue Cross and Blue Shield of Minnesota and Blue Plus
  • Blue Cross and Blue Shield of Alabama
  • Blue Cross and Blue Shield of Kansas
  • Blue Cross and Blue Shield of North Carolina
  • Corewell Health
  • Faith Regional Health Services
  • Hospital & Medical Foundation of Paris, Inc. dba Horizon Health
  • Mass General Brigham Health Plan
  • Priority Health
  • Regence BlueCross BlueShield of Oregon
  • Regence BlueShield
  • Regence BlueCross BlueShield of Utah
  • Regence Blue Shield of Idaho
  • St. Bernards Healthcare
  • Sutter Health
  • Trane Technologies Company LLC and/or

How AI Can Help Healthcare Organizations Bolster Patient Data Security

How Hospitals Can Gain Visibility Into Their Data

If organizations do not know where their data is or what it looks like, they cannot properly secure it. Finding patient information within an organization is not an easy task and often requires computer programming skills.

Outdated technologies that leverage rules-based pattern matching to identify whether something is protected health information are difficult at best to get working properly, and they are no longer sufficient to protect healthcare organizations from their greatest risks.

But advancements in artificial intelligence are powering solutions to identify and inventory electronic protected health information (ePHI). The power of deep learning allows AI models to mimic the ability of trained humans in identifying ePHI, without needing to undertake cumbersome programming tasks and continuously tweak, test and analyze large amounts of search patterns and detection rules. That process is old school and limits organizations that want to scale.

LEARN MORE: How AI is making healthcare smarter.

How Hospitals Can Meet Better Standardization and Compliance

The National Institute of Standards and Technology provides guidance and resources for implementing security measures that comply with the HIPAA Security Rule, which serves to better protect patient information and reduce the impact of cyberattacks by safeguarding ePHI held or maintained by HIPAA-regulated entities.

As stated in the NIST 800-66r2 document: “The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures.”

The document provides updated and crucial implementation guidance for HIPAA-regulated entities to proactively protect patient data and identify and manage ePHI risks. As the de facto standard for best practice, NIST 800-66r2 directs organizations to have an incident response plan for all areas in which ePHI is being used, stored or shared.

The first step to achieving this is to

US Wellness Provides Notification of Data Security Incident

RALEIGH, N.C., HARRISBURG, Pa., and PHILADELPHIA, April 28, 2023 /PRNewswire/ — US Wellness has learned of a data security incident that may have involved personal and/or protected health information belonging to members of its wellness clients. US Wellness has sent notification letters to potentially involved individuals to notify them about this incident and provide resources to assist them.

On January 31, 2023, US Wellness’ vendor experienced a security incident that disrupted access to certain systems. In response, US Wellness took immediate steps to secure its systems and promptly launched an investigation. On February 9, 2023, US Wellness learned that certain personal and/or protected health information may have been impacted in connection with the incident.

There is no evidence of the misuse of any information potentially involved in this incident. However, on March 22, 2023, and April 26, 2023, US Wellness sent notification letters to the individuals whose personal and/or protected health information was potentially involved in this incident, providing them with information about what happened and steps they can take to protect their information.

Based on the investigation of the incident, the following personal and/or protected health information may have been involved in the incident: name, address, date of birth, member ID number, and/or Social Security number.

US Wellness takes the security of all information within its possession very seriously and implemented measures to enhance the security of its environment in an effort to minimize the risk of a similar incident occurring in the future. The notification letters that US Wellness sent to potentially affected individuals also included information about steps that individuals can take to protect their information.

US Wellness has established a toll-free call center to answer questions about the incident and related concerns. That call center is available Monday through

Two Rivers Public Health Department Notification of Data Security Incident

KEARNEY, Neb., April 14, 2023 /PRNewswire/ — Two Rivers Public Health Department (“TRPHD”) announced today that it has taken action after learning of a data security incident which may have impacted certain individuals’ personal information and/or protected health information. TRPHD began providing notice to all potentially impacted individuals on April 14, 2023.

What Happened? On or about November 9, 2022, TRPHD was notified of potential suspicious activity involving its server infrastructure. At the time, TRPHD’s outside information technology firm advised that it did not appear that any security incident or breach of personal information and/or protected health information had occurred. Nonetheless, in an abundance of caution, TRPHD retained privacy counsel and an external forensic investigation firm to fully investigate the nature and scope of the incident. The external forensic investigation firm confirmed that the data security incident involved unauthorized access to one (1) TRPHD employee’s Office365 account from on or about September 14, 2022 through November 8, 2022.

What Information Was Involved? While the forensic investigation was inconclusive as to any access to or acquisition of personal information and/or protected health information within the impacted account, TRPHD undertook a comprehensive and time intensive review of the entire contents of the impacted account to determine the presence of any personal information and/or protected health information contained therein. The investigation identified the existence of certain personal information and/or protected health information within the impacted mailbox. This comprehensive review process was completed on or about March 15, 2023.

What TRPHD Are Doing As stated above, in addition to the security protocols already in place, immediately following identification of the data security incident, TRPHD changed all passwords associated with its email accounts and undertook additional security measures to secure its systems. TRPHD also retained a professional forensic investigation firm

USVI’s First Digital Security Health Information Exchange Environmental Scan Released

Human Services Commissioner Kimberley Causey-Gomez prepares for a news briefing at Government House. (Source photo by Don Buchanan)
Department of Human Services Commissioner Kimberley Causey-Gomez (Source photo by Don Buchanan)

The Department of Human Services (DHS) has announced that the first-ever Digital Security Health Information Exchange Environmental Scan (USVI eScan 2023) has been completed and is available to the public.

Over the last several months, DHS contracted with Community Health IT Inc. (CommHIT) and conducted the first-ever Health Information Exchange eScan. This data will help provide local health-related entities and institutions, real-time access to important patient information, and identify the digital resources and assets needed to further strengthen the territory’s HIE.

The USVI eScan 2023 documents the care coordination needs of not just VI Medicaid members. It also captures the healthcare delivery and digital security ecosystem of healthcare providers, health-related IT professionals,

health executives, government agencies, and other stakeholder organizations that serve VI Medicaid. It provides recommendations to ensure success as the USVI stands up its HIE.

The 312-page USVI eScan 2023 is available in its entirety for viewing at:

The USVI eScan 2023 was a process of surveys, information gathering, and assessments that create a clear picture of health provider and institutional readiness, as well as infrastructure needs, to electronically connect medical providers safely, securely, and successfully to one another, to patients, and to national databases via the HIE.

The USVI eScan 2023 provides a snapshot of the current landscape, desires, and priorities of several key groups in the Medicaid Beneficiary ecosystem. CommHIT captured this “snapshot” by using approaches that include:

 Quantitative surveys of Medicaid providers, information technology (IT) professionals, and Health-related executives

 Qualitative interviews and focus groups of USVI hospital, federally-qualified health center, and Health Department Clinic personnel

The USVI eScan 2023 was a collaborative effort with the Department of Human Services Medicaid Program.

Medicaid Director, Gary A. Smith oversaw this complex project from

Back To Top