Ann Arbor, Michigan – Approximately 34,000 Michigan Medicine patients have received notice that their health information may have been exposed in a data breach.
A cyber attacker used a phishing scam to compromise an employee’s email account, Michigan Medicine officials said, prompting the health system to warn 33,850 patients of exposure.
The scam took place between August 15 and 23, when employees were directed to a web page designed to get them to submit their Michigan Medicine login information, and four employee email accounts were accessed, officials said.
The health system discovered the compromised email accounts on August 23, officials said. The accounts were disabled to prevent further access by the cyber attacker.
The contents of these email accounts included identifiable patient information such as names, medical record numbers, addresses, dates of birth, diagnosis and treatment information, and health insurance information, officials said. The accounts’ owners used that information for work-related functions, officials added.
Initial investigations found no evidence that the attack was intended to obtain patient health information, officials said, but did not rule out data theft. A follow-up review, completed on October 17, determined whether sensitive patient data was affected. Affected patients will be notified by letter by October 26th.
The email accounts did not contain credit card, debit card or bank account numbers, officials said.
“Patient privacy is very important to us and we take this issue very seriously,” said Jean Strickland, chief compliance officer at Michigan Medicine, in a statement. “[We] are taking immediate steps to investigate this matter and are implementing additional safeguards to mitigate the risk to patients and prevent a recurrence.”
This is the second reported data breach. About 3,000 patients were affected by another compromise in March 2022.
Michigan Medicine educates its employees on cyber awareness, including by sending fake phishing emails to test them, officials said. The employee who owned the account has been trained and is subject to disciplinary action, officials said.
Michigan Medicine patients who are concerned about the breach may call 1-833-814-1736. The line is staffed between 9:00 am and 9:00 pm, Monday through Friday, excluding holidays. Information about possible identity theft is available from the Federal Trade Commission at identitytheft.gov/#/Warning-Signs-of-Identity-Theft.