Corewell Health Data Breach Exposes Thousands of Patients’ Sensitive Information
In early 2024, Corewell Health disclosed a data breach affecting approximately 19,000 patients, stemming from a security incident at its former vendor, Pinnacle Holdings. The consulting firm, which previously provided healthcare services to Corewell, experienced the breach, compromising a range of sensitive data.
The exposed information included names, contact details, Social Security numbers, medical records, and insurance information. While Pinnacle Holdings stated it had implemented additional safeguards and found no evidence of fraudulent activity, Corewell Health conducted a review to identify impacted individuals.
Affected patients were notified by mail and offered free credit monitoring and identity protection services. Additional support is available through a dedicated call center at 866-686-2607 and on Pinnacle Holdings’ website. The incident highlights ongoing risks in third-party vendor security within the healthcare sector.
Source: https://www.fox2detroit.com/news/thousands-corewell-health-patients-affected-2024-vendor-data-breach
Oleen Pinnacle Healthcare Consulting cybersecurity rating report: https://www.rankiteo.com/company/oleen-pinnacle-healthcare-consulting
Corewell Health cybersecurity rating report: https://www.rankiteo.com/company/corewell-health
"id": "OLECOR1774672026",
"linkid": "oleen-pinnacle-healthcare-consulting, corewell-health",
"type": "Breach",
"date": "1/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '19000',
'industry': 'Healthcare',
'name': 'Corewell Health',
'type': 'Healthcare Provider'},
{'industry': 'Healthcare Services',
'name': 'Pinnacle Holdings',
'type': 'Vendor/Consulting Firm'}],
'customer_advisories': 'Affected patients were notified by mail and offered '
'free credit monitoring and identity protection '
'services. Additional support is available through a '
'dedicated call center at 866-686-2607 and on Pinnacle '
'Holdings’ website.',
'data_breach': {'number_of_records_exposed': '19000',
'personally_identifiable_information': 'Names, contact '
'details, Social '
'Security numbers, '
'medical records, '
'insurance information',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal and medical '
'information'},
'date_publicly_disclosed': '2024-early',
'description': 'In early 2024, Corewell Health disclosed a data breach '
'affecting approximately 19,000 patients, stemming from a '
'security incident at its former vendor, Pinnacle Holdings. '
'The consulting firm, which previously provided healthcare '
'services to Corewell, experienced the breach, compromising a '
'range of sensitive data. The exposed information included '
'names, contact details, Social Security numbers, medical '
'records, and insurance information. While Pinnacle Holdings '
'stated it had implemented additional safeguards and found no '
'evidence of fraudulent activity, Corewell Health conducted a '
'review to identify impacted individuals. Affected patients '
'were notified by mail and offered free credit monitoring and '
'identity protection services.',
'impact': {'data_compromised': 'Names, contact details, Social Security '
'numbers, medical records, and insurance '
'information',
'identity_theft_risk': 'High'},
'lessons_learned': 'Highlights ongoing risks in third-party vendor security '
'within the healthcare sector',
'references': [{'source': 'Corewell Health Disclosure'}],
'response': {'communication_strategy': 'Notification by mail, dedicated call '
'center (866-686-2607), support on '
'Pinnacle Holdings’ website',
'containment_measures': 'Additional safeguards implemented',
'remediation_measures': 'Review to identify impacted '
'individuals, notification by mail, free '
'credit monitoring and identity '
'protection services'},
'title': 'Corewell Health Data Breach Exposes Thousands of Patients’ '
'Sensitive Information',
'type': 'Data Breach'}