Cyber Incident Victim: Total Health Care

On December 16, 2020, an unauthorized third party gained access to employee email accounts at Total Health Care, a Michigan-based health plan. The breach persisted until February 5, 2021, when the intrusion was terminated. A subsequent forensic investigation confirmed the compromise of multiple email accounts containing sensitive information belonging to the organization's members and physician partners. The exposed data included Social Security numbers, birthdates, physical addresses, and additional personal identifiers. Approximately 220,000 individuals were affected by the incident, encompassing both healthcare providers and plan members. Total Health Care publicly disclosed the breach on April 8, 2021, through an official data breach notice. The organization stated it found no evidence of actual misuse of the compromised information following forensic analysis.

In response to the incident, Total Health Care engaged cybersecurity experts to strengthen its defensive measures and prevent future breaches. The organization implemented enhanced security protocols across its systems, though specific technical controls were not detailed in public disclosures. All affected individuals received notification of the breach and were offered complimentary credit monitoring services through CyberScout for a period of two years. Additional cybersecurity training was mandated for employees to improve awareness of email security threats and phishing risks. The breach did not disrupt healthcare operations or clinical services, with impacts limited to data exposure through the compromised email accounts. Total Health Care maintained regular communication with affected parties throughout the investigation and remediation process.