Cyberattacks in May may have exposed the data of 56,000 Michigan Medicine patients
According to a press release sent Monday, cyberattacks on May 23 and 29 may have exposed the personal health information of up to 56,953 Michigan Medicine patients.
Michigan Medicine employee email accounts were compromised and some emails and attachments contained identifiable patient and insurance carrier information, including names, medical record numbers, addresses, birthdays, diagnosis and treatment information, and health insurance data.
Michigan Medicine said the emails were work-related communications to coordinate payments and bills, and none contained credit card, debit card or bank account numbers. The Social Security numbers of four patients were affected.
The compromised email accounts were deactivated as soon as possible, although Michigan Medicine could not immediately say which day that was. The hacker’s IP address was also blocked and account passwords were changed as soon as Michigan Medicine learned of the cyberattack, the release said. An investigation into the attack took place between June 10 and June 27.
“During the investigation, Michigan Medicine found no evidence that the goal of the attack was to obtain patient data, but data theft could not be ruled out,” the press release said. “As such, all affected emails were assumed to have been compromised and the content was reviewed to determine whether potentially sensitive patient data was affected.”
To prevent future cyberattacks, Michigan Medicine has strengthened security processes for employee passwords and email accounts. All employees are also educated about social engineering attacks or tampering attempts, as well as the need for strong passwords and diverse passwords, the statement said.
“Michigan Medicine took immediate steps to investigate this matter after being made aware of the possibility that patient data could be exposed. We continually monitor cyberattacks like this because patient privacy is so extremely important to us,” Michigan Medicine Chief Compliance Officer Jeanne Strickland said in the release. “We currently have several safeguards in place to reduce the risk to our patients and prevent a recurrence, but will thoroughly investigate this incident to determine if new or additional actions are necessary.”
Michigan Medicine began sending notifications to affected individuals on July 19. Individuals concerned about a data breach but have not received a letter in the mail can request assistance by calling 1-888-409-7484 Monday through Friday between 9 a.m. and 9 p.m.
All affected patients are advised to monitor their health insurance statements for fraudulent transactions, Michigan Medicine said.
The announcement of the hack came days after a faulty software update from cybersecurity firm CrowdStrike wreaked havoc around the world. Michigan Medicine did experience technical issues, but the cyberattack was unrelated to Friday’s outages.
The attack also follows several high-profile hacker attacks on Michigan’s healthcare systems in recent years.
Corewell Health, the state’s largest hospital system, reported two cybersecurity breaches in 2023, each affecting more than 1 million patients.
A ransomware attack on McLaren hospitals in August affected up to 2.5 million patients, while a hack at the University of Michigan exposed personal patient data.
Silvio Berlusconi’s ex-partner Francesca Pascale marries singer and girlfriend Paola Turci amid global Pride celebrations
Juneteenth is the fee-free day in Michigan’s national parks and forests
Kangana Ranaut publishes note about soldier’s ‘young, beautiful widow’: ‘Nothing is crueler than love’ | Bollywood
About The Author
