Michigan health system reports 2nd data breach, affecting more than 1M patients

Corewell Health, a Michigan health system, reported a data breach among a vendor that may have exposed personal and medical data of more than 1 million patients.

A health system in Michigan has experienced its second cybersecurity breach this year, affecting more than 1 million patients, according to state officials.

Michigan Attorney General Dana Nessel announced Tuesday there was a breach at HealthEC, a vendor that provides services to Corewell Health's southeast Michigan properties. The breach exposed patients' personal and medical information.

HealthEC services is helping to "identify high-risk patients, close gaps in care and recognize barriers to optimal care," according to a release.

It's unclear what specific information was exposed but it can include name, address, date of birth, Social Security number, medical diagnoses, mental/physical condition, health insurance information, treatment cost information and billing and claims information, the release said.