ANN ARBOR, Mich. — Michigan Medicine is informing 57,891 individuals about a compromised employee email account, potentially exposing patient health information.
On July 30, 2024, a Michigan Medicine employee’s email account was breached due to a cyberattack. The employee accepted an unsolicited multifactor authentication prompt, granting cyberattacker access. Immediate action was taken to disable the account.
Michigan Medicine found no conclusive evidence that patient data was the target, but data theft couldn’t be ruled out. Between August 21 and August 29, 2024, an analysis revealed some emails contained identifiable patient information, including names, medical record numbers, and treatment details.
Once the breach was discovered, the cyberattacker’s IP address was blocked, and passwords were changed. The email account didn’t contain Social Security, credit card, debit card, or bank account numbers.
Michigan Medicine employs robust training and education to combat cyberattacks. Measures include reducing email retention time, enhancing identity verification processes, and increased multifactor authentication education. The involved employee faced disciplinary action.
Michigan Medicine leaders expressed regret over the incident. They are implementing stricter technical safeguards on the email system and infrastructure to prevent future breaches.
“We are constantly working to minimize the threat of patient data being exposed,” said Jeanne Strickland, Michigan Medicine chief compliance officer. “Patient privacy is of the utmost importance. At Michigan Medicine, we continue to be vigilant as cyberattacks become more and more sophisticated.”
Notices were mailed to affected patients starting September 26, 2024. Concerned individuals who don’t receive a letter may call the toll-free Michigan Medicine Assistance Line at 1-877-225-2078, available Monday to Friday, 9 a.m. to 9 p.m. (Eastern Time).
While Michigan Medicine doesn’t believe patient information was targeted, affected patients are advised to monitor their medical insurance statements for fraudulent transactions. More information on identity theft is available from the Federal Trade Commission at www.identitytheft.gov/#/Warning-Signs-of-Identity-Theft.
About Michigan Medicine and University of Michigan Health
At Michigan Medicine, we advance health to serve Michigan and the world. Our 11 hospitals and hundreds of clinics statewide pursue excellence daily, educating future physicians and scientists at the U-M Medical School.
Michigan Medicine includes the U-M Medical School and University of Michigan Health, featuring C.S. Mott Children’s Hospital, Von Voigtlander Women’s Hospital, University Hospital, and more. The U-M Medical School is a leading biomedical research institution with over $777 million in research awards.
More information is available at www.michiganmedicine.org
—
Read More Michigan News