Michigan Medicine warns nearly 57,000 patients about cyberattack

ANN ARBOR, Mich. – The University of Michigan Health System says a cyberattack may have exposed the health data of nearly 57,000 patients.

Michigan Medicine reports approximately 56,953 employees whose email accounts were compromised, potentially exposing patient health information.

Three Michigan Medicine employee email accounts were compromised in a cyberattack. The events occurred on May 23 and May 29, 2024. The accounts were disabled as quickly as possible so no further access was possible.

UM says the cyberattack is unrelated to last week’s Crowdstrike outage.

During its investigation, Michigan Medicine found no evidence that the aim of the attack was to obtain patient health information. However, data theft cannot be ruled out.

As a result, all affected emails were considered compromised and the contents were reviewed to determine if confidential patient data may have been affected. This analysis took place between June 10, 2024 and June 27, 2024.

Some emails and attachments contained identifiable patient and/or insurance carrier information, such as names, medical record numbers, addresses, dates of birth, diagnosis and treatment information, and/or health insurance information. The emails were work-related communications for payment and billing coordination for Michigan Medicine patients. The information for each individual patient varied by email or attachment.

Michigan Medicine said it blocked the attacker’s IP address and changed passwords as soon as it became aware of the attack.

Notices were sent to affected patients and/or guarantors or their personal representatives beginning July 19, 2024. Individuals concerned about the breach who do not receive a letter may call the toll-free Michigan Medicine Assistance Line: 1-888-409-7484. Calls are answered Monday through Friday from 9 a.m. to 9 p.m. Eastern Time.

Although Michigan Medicine has no reason to believe the accounts were compromised for the purpose of obtaining patient information, as a precautionary measure, all affected patients have been advised to monitor their health insurance statements for possible indications of fraudulent transactions.