Potential Michigan Medicine data breach may affect 33K+

Michigan Medicine is warning 33,850 customers about a potential leak of some of their private information, officials said Thursday morning.

Officials said the information was exposed during a cyber attack that targeted Michigan Medicine employees with an email “phishing” scam from Aug. 15-23, 2022. In the attack, four employees entered their login information and then inappropriately accepted multifactor authentication prompts which allowed a hacker to access their e-mail accounts.

“Patient privacy is extremely important to us, and we take this matter very seriously,” Jeanne Strickland, Michigan Medicine’s chief compliance officer, said in a statement Thursday. “Michigan Medicine took steps immediately to investigate this matter and is implementing additional safeguards to reduce risk to our patients and help prevent recurrence.”

They said the company learned the email accounts were compromised on Aug. 23. The accounts were disabled so no further access was allowed and passwords were changed.

They also said no evidence was found suggesting the attack’s aim was to get patient health information, but data theft can not be ruled out.

An investigation determined emails and attachments that were compromised were job-related communications for the coordination of patient care and included patient information, such as name, medical record number, address, date of birth, diagnosis, treatment, and health insurance.

Any affected patients will be notified by letter, officials said.

“Michigan Medicine is very sorry and deeply regrets this incident has occurred,” it said in a statement. “Michigan Medicine also is assessing the ability to place additional technical safeguards on our email system and the infrastructure that supports it to prevent similar incidents from happening.”

No Byline Policy

Editorial Guidelines

Corrections Policy

Source