State officials are calling for legislative action following a data breach impacting around 1 million southeast Michigan residents.
In the state of Michigan, health systems are not mandated to report data breaches. Corewell Health experienced two data breaches in 2023. In both cases, the health system waited six months to report the breach.
Attorney General Dana Nessel says this breach includes identity and medical information, such as records of prescriptions, diagnoses, and billing information.
“Because this is medical information to look for things you normally wouldn’t, right? You might be getting calls or mail notices from debt collectors for medical debts that you don’t owe.”
Those whose data has been compromised have been notified and are encouraged to change their passwords and put a fraud alert on their credit file.
Nessel is calling for legislation to mandate reporting procedures to provide more transparency on data breaches. Health care systems are required by law to report breaches in 34 other states.
Non-commercial, fact based reporting is made possible by your financial support. Make your donation to WEMU today to keep your community NPR station thriving.
Like 89.1 WEMU on Facebook and follow us on Twitter
Contact WEMU News at 734.487.3363 or email us at studio@wemu.org
