Michigan Medicine notifies patients of health information breach

Compromised employee email account could have exposed health information of about 2,920 patients

Author | Mary Masson

Michigan Medicine is notifying approximately 2,920 patients about an employee email account that was compromised which may have exposed some of their health information.

On December 23, 2021, an employee’s Michigan Medicine email account was compromised, resulting in a cyber attacker gaining access to and using the account to send phishing emails. The employee did not know about the compromise until suspicious activity occurred on January 6, 2022. That same day, the employee immediately reported the situation to our Information Technology Department, and the email account was disabled.   

No evidence was uncovered during our investigation to suggest that the aim of the attack was to obtain patient health information, but data theft could not be ruled out. As a result, all of the emails involved were presumed compromised.  The contents were reviewed to determine if sensitive data about any patients was potentially impacted.  This analysis took place between January 31 through February 15, 2022.

Some emails and attachments were found to contain identifiable patient information, such as: names, medical record numbers, addresses, dates of birth, diagnostic and treatment information, and/or health insurance information. The emails were job-related communications for coordination and care of patients, and information related to a specific patient varied, depending on a particular email or attachment.  However, no social security numbers, credit card, debit card or other financial account information were discovered.

As soon as Michigan Medicine learned that the email account was compromised, the account was disabled so no further access could take place and immediate password changes were made. Additional technical safeguards on our email system and the infrastructure that supports it were also put in place to prevent similar incidents from happening. 

Robust training and education materials are used to increase employee awareness of the risks of cyberattacks, as well as how to identify and report them. We are reviewing these materials to make further improvements.

“Patient privacy is extremely important to us, and we take this matter very seriously. Michigan Medicine took steps immediately to investigate this matter and is implementing additional safeguards to reduce risk to our patients and help prevent recurrence,” said Jeanne Strickland, Michigan Medicine chief compliance officer.

Notices were mailed to the affected patients or their personal representatives starting March 3, 2022. Those concerned about the breach who do not receive a letter may call the toll-free Michigan Medicine Assistance Line: (833) 430-2163. They should refer to Engagement # B028649 when speaking with an agent.  Calls will be answered Monday through Friday, 9 am to 11 pm and Saturday – Sunday, 11 am to 8 pm (Eastern Time.) 

While Michigan Medicine does not have reason to believe the accounts were compromised for the purpose of obtaining patient information, as a precautionary measure, all affected patients have been advised to monitor their medical insurance statements for any potential evidence of fraudulent transactions. Information about potential identity theft is available from the Federal Trade Commission at www.identitytheft.gov/#/Warning-Signs-of-Identity-Theft.

About Michigan Medicine: At Michigan Medicine, we advance health to serve Michigan and the world. We pursue excellence every day in our five hospitals, 125 clinics and home care operations that handle more than 2.3 million outpatient visits a year, as well as educate the next generation of physicians, health professionals and scientists in our U-M Medical School.

Michigan Medicine includes the top ranked U-M Medical School and University of Michigan Health, which includes the C.S. Mott Children’s Hospital, Von Voigtlander Women’s Hospital, University Hospital, the Frankel Cardiovascular Center, Metro Health and the Rogel Cancer Center. The U-M Medical School is one of the nation's biomedical research powerhouses, with total research funding of more than $500 million.

More information is available at www.uofmhealth.org

Media Contact Public Relations

Department of Communication at Michigan Medicine

[email protected]

734-764-2220

Featured News & Stories xray on tablet held by clinician in white coat and stethoscope
Health Lab
These factors are linked to a higher risk of pneumonia after heart surgery
Researchers uncovered nine elements that have significant effects on a whether a patient may develop pneumonia, with nearly 20% of patients moving into a higher risk category based on what occurred during or following the surgery.
provider sitting writing something down with person in khakis and blue shirt unbuttoned with white shirt under
Health Lab
ER screening tool helps identify youth at risk of experiencing firearm violence
A study published by researchers at the University of Michigan reveals that implementing this screening tool can help identify and support youth with firearm violence history.
Mott Poll teens and caffeine
Health Lab
Does your teen consume too much caffeine?
A quarter of parents report that caffeine is basically part of their teen’s daily life, according to a national poll.
pills floating blue pink dark background physician in middle looking at chart white coat scrubs
Health Lab
Better medical record-keeping needed to fight antibiotic overuse, studies suggest
Efforts to reduce overuse of antibiotics may be hampered by incomplete medical records that don’t show the full reasons for prescriptions.
surgery gloves passing tool blue and yellow
Health Lab
A universal heparin reversal drug is shown effective in mice
The newest version of the heparin reversal drug, described in a recent issue of Advanced Healthcare Materials, adjusted the number of protons bound to it, making the molecule less positive so it would preferentially bind to the highly negative heparin, resulting in a much safer drug.
University of Michigan Health-Sparrow Lansing
News Release
University of Michigan Health buys property for new health care center in Grand Ledge
University of Michigan Health will acquire an 11-acre site near Grand Ledge for a new health care center.