Michigan Attorney General Dana Nessel is advocating for legislation to enact mandatory data breach reporting, ensuring increased transparency after Corewell Health experienced two data breaches in 2023, WEMU reported Jan. 2.
Grand Rapids and Southfield, Mich.-based Corewell Health experienced two data breaches in the year 2023. In both instances, the health system delayed reporting the breaches for a period of six months, according to the radio station.
Ms. Nessel said the breaches disclosed both identity and medical information of patients, including details such as prescriptions, diagnoses and billing information. She emphasized the potential misuse of medical data, warning individuals to be vigilant about unexpected calls or notices from debt collectors for medical debts they did not incur.
According to the station, those affected by the breach have been notified and are advised to take protective measures such as changing passwords and placing a fraud alert on their credit files.
As a result of the breaches on Corewell, Ms. Nessel is advocating for legislation that mandates reporting procedures to enhance transparency in these cases. Healthcare systems are legally obligated to report breaches in 34 other states, prompting her call for similar measures to be implemented in Michigan.