Michigan Medicine notifies patients of health information breach

Compromised employee email account could have exposed health information of about 2,920 patients

Author | Mary Masson

Michigan Medicine is notifying approximately 2,920 patients about an employee email account that was compromised which may have exposed some of their health information.

On December 23, 2021, an employee’s Michigan Medicine email account was compromised, resulting in a cyber attacker gaining access to and using the account to send phishing emails. The employee did not know about the compromise until suspicious activity occurred on January 6, 2022. That same day, the employee immediately reported the situation to our Information Technology Department, and the email account was disabled.   

No evidence was uncovered during our investigation to suggest that the aim of the attack was to obtain patient health information, but data theft could not be ruled out. As a result, all of the emails involved were presumed compromised.  The contents were reviewed to determine if sensitive data about any patients was potentially impacted.  This analysis took place between January 31 through February 15, 2022.

Some emails and attachments were found to contain identifiable patient information, such as: names, medical record numbers, addresses, dates of birth, diagnostic and treatment information, and/or health insurance information. The emails were job-related communications for coordination and care of patients, and information related to a specific patient varied, depending on a particular email or attachment.  However, no social security numbers, credit card, debit card or other financial account information were discovered.

As soon as Michigan Medicine learned that the email account was compromised, the account was disabled so no further access could take place and immediate password changes were made. Additional technical safeguards on our email system and the infrastructure that supports it were also put in place to prevent similar incidents from happening. 

Robust training and education materials are used to increase employee awareness of the risks of cyberattacks, as well as how to identify and report them. We are reviewing these materials to make further improvements.

“Patient privacy is extremely important to us, and we take this matter very seriously. Michigan Medicine took steps immediately to investigate this matter and is implementing additional safeguards to reduce risk to our patients and help prevent recurrence,” said Jeanne Strickland, Michigan Medicine chief compliance officer.

Notices were mailed to the affected patients or their personal representatives starting March 3, 2022. Those concerned about the breach who do not receive a letter may call the toll-free Michigan Medicine Assistance Line: (833) 430-2163. They should refer to Engagement # B028649 when speaking with an agent.  Calls will be answered Monday through Friday, 9 am to 11 pm and Saturday – Sunday, 11 am to 8 pm (Eastern Time.) 

While Michigan Medicine does not have reason to believe the accounts were compromised for the purpose of obtaining patient information, as a precautionary measure, all affected patients have been advised to monitor their medical insurance statements for any potential evidence of fraudulent transactions. Information about potential identity theft is available from the Federal Trade Commission at www.identitytheft.gov/#/Warning-Signs-of-Identity-Theft.

About Michigan Medicine: At Michigan Medicine, we advance health to serve Michigan and the world. We pursue excellence every day in our five hospitals, 125 clinics and home care operations that handle more than 2.3 million outpatient visits a year, as well as educate the next generation of physicians, health professionals and scientists in our U-M Medical School.

Michigan Medicine includes the top ranked U-M Medical School and University of Michigan Health, which includes the C.S. Mott Children’s Hospital, Von Voigtlander Women’s Hospital, University Hospital, the Frankel Cardiovascular Center, Metro Health and the Rogel Cancer Center. The U-M Medical School is one of the nation's biomedical research powerhouses, with total research funding of more than $500 million.

More information is available at www.uofmhealth.org

Media Contact Public Relations

Department of Communication at Michigan Medicine

[email protected]


Featured News & Stories little boy playing outside with glasses on
Health Lab
Making kid’s eye care more accessible
In Michigan, families don’t have to travel far for top pediatric eye specialists
gavel stethoscope
Health Lab
A freeze, or a fix? Preventive care coverage at a crossroads
As a court case called Braidwood vs. Becerra goes through the legal system, a popular Affordable Care Act provision hangs in the balance.
VA hospital system
Health Lab
VA hospitals adapting to the COVID-19 pandemic
A recent study comparing the impact of COVID-19 on VA and non-federal hospitals showed the VA structure held several distinct advantages when adapting to the pandemic including the ability to quickly expand bed capacity, retain staff, mitigate supply shortages and avoid financial hardship.
Cody High School Students at Michigan Medicine
News Release
Detroit high school students immersed in cardiovascular medicine program at U-M Health
A group of students from Detroit’s Cody High School spent a week immersed in the world of cardiovascular medicine and science, learning about possible careers and shadowing experts at University of Michigan Health’s Frankel Cardiovascular Center. The Careers in Cardiovascular Science and Medicine Program began began in 2022.
performing surgery
Health Lab
U-M Health performs its first heart transplant after cardiac death
As the number of heart transplants performed across the United States continues to grow, surgeons at the U-M Health are taking advantage of technology that could increase its transplant yield by as much as 30%. Transplant surgeons in Ann Arbor completed the health system’s first heart transplant using an organ from a donor who had recently died — a process called donation after circulatory death, or DCD.
Health Lab
Could low iron be making your mental health symptoms worse?
Iron levels in the blood – and specifically, a type of iron storage called ferritin – have been linked to mental health symptom severity