ANN ARBOR – Michigan Medicine has announced that a recent breach could have exposed private health information.
The health system is working to notify approximately 33,850 patients whose information may have been compromised as the result of a cyber attack between Aug. 15-22 directed at employee emails.
According to Michigan Medicine, employees were targeted by cyber attacker with a “phishing” scam. They were sent a link that prompted employees to enter their Michigan Medicine login information.
“Four Michigan Medicine employees entered their login information and then inappropriately accepted multifactor authentication prompts which allowed the cyber attacker to access their Michigan Medicine e-mail accounts,” reads a release.
The health system learned of the compromised accounts on Aug. 23 and immediately disabled them.
Although officials said no evidence during an investigation that followed suggested the purpose of the attack was to obtain private health information, they said they could not rule out data theft.
A review of all the compromised emails and attachments to determine if sensitive data was leaked was completed on Oct. 17.
Patients affected by the incident will be notified by letters which were mailed between Oct. 19-26.
Some emails and attachments included identifiable information of patients such as name, address, date of birth, medical record number, treatment and diagnostic information and in some cases health insurance information.
Officials said the…
