WXYZ — The Michigan attorney general is calling on the state legislature to take action on data breaches after Corewell Health experienced its second data breach this year.
According to the AG's office, the personal information of 1 million patients was exposed. That includes names, addresses, social numbers, health diagnoses, treatment cost information, Medicaid and/or Medicare identification numbers, etc.
AG Dana Nessel told 7 Action News that 34 states require companies to report a data breach to their respective AG's office, but Michigan is not one of them.
She said action by Lansing lawmakers is needed to give patients better protection and to allow her office to have the proper authority to investigate these cases.
Nessel said the end goal is to hold companies accountable when they fail to properly store and secure medical information and when they fail to inform patients and the AG's office about a data breach.
The AG said the sooner a person is made aware that their personal information is part of a breach, the sooner they can take action to protect themselves.
When asked what accountability looks like, Nessel said, "We could have fines that are associated with a failure to use at least minimal levels of security practices, a failure to use best practices to store this information and secure this information, and then also, you know, financial penalties when they fail to report these data breaches."
Corewell Health vendor HealthEC is offering 12 months of identity protection services and credit monitoring through Transunion. The AG's office said patients who are impacted will receive information in the mail on how to enroll. For more information, anyone with questions or concerns can call 1-833-466-9216.
