Michigan Medicine notifies patients of health information breach

Compromised employee email accounts could have exposed health information of about 56,953 patients

11:30 AM

Author | Mary Masson

medical campus aerial

ANN ARBOR, Mich. — Michigan Medicine is notifying approximately 56,953  individuals about employee email accounts that were compromised, potentially exposing some patient health information.

Three Michigan Medicine employee email accounts were compromised due to a cyberattack. The events occurred on May 23 and May 29, 2024. The accounts were disabled as soon as possible so no further access could take place.

This incident was not related to the recent CrowdStrike outages.

During its investigation, Michigan Medicine did not find any evidence to suggest that the aim of the attack was to obtain patient health information, but data theft could not be ruled out. As a result, all the emails involved were presumed compromised and the contents were reviewed to determine if sensitive data about patients was potentially impacted.This analysis took place between June 10, 2024, and June 27, 2024.

Some emails and attachments were found to contain identifiable patient and/or insurance guarantor information, such as: names, medical record numbers, addresses, dates of birth, diagnostic and treatment information, and/or health insurance information. The emails were job-related communications for payment and billing coordination for Michigan Medicine patients. The information involved for each specific patient varied, depending on the particular email or attachment. 

As soon as Michigan Medicine learned that the email accounts were compromised, the cyber attacker’s IP address was blocked, and immediate password changes were made so no further access could take place. The email accounts did not contain any credit card, debit card, or bank account numbers. Four patients received separate notice because their Social Security Numbers were involved.

Michigan Medicine is taking swift action to ward off future cyberattacks that target employees. Michigan Medicine has strengthened existing processes regarding the security of employee passwords and email accounts. Additionally, all Michigan Medicine staff will receive additional education on these topics, such as how social engineering attacks work, the need to select strong passwords, and the need to use different passwords for multiple sites. We are also strengthening existing processes to ward off social engineering attacks targeting Michigan Medicine employees.

“Michigan Medicine immediately took steps to investigate this matter, once alerted to the possibility of patient data being exposed. We constantly monitor for cyberattacks such as these because patient privacy is so extremely important to us,” said Jeanne Strickland, Michigan Medicine Chief Compliance Officer.

“We currently have multiple safeguards in place to reduce risk to our patients and prevent recurrence but will examine this incident thoroughly to determine if new or additional measures are needed.”

Notices were mailed to the affected patients and/or guarantors or their personal representatives starting July 19, 2024. Those concerned about the breach who do not receive a letter may call the toll-free Michigan Medicine Assistance Line: 1-888-409-7484. Calls will be answered Monday through Friday, 9 am to 9 pm (Eastern Time).

While Michigan Medicine does not have reason to believe the accounts were compromised for the purpose of obtaining patient information, as a precautionary measure, all affected patients have been advised to monitor their medical insurance statements for any potential evidence of fraudulent transactions. Information about potential identity theft is available from the Federal Trade Commission at www.identitytheft.gov/#/Warning-Signs-of-Identity-Theft

Media Contact

University Hospital at U-M Health in the spring with flowering trees in foreground and Survival Flight helicopter visible

Public Relations

Department of Communication at Michigan Medicine

[email protected]

734-764-2220

Related

Digital agreement hippa apps
Health Lab

Big Data Advances Research, But It Shouldn’t Do So at the Cost of Privacy

Health data collected from apps or wearable devices could revolutionize personalized healthcare, but the lack of legal protections related to this technology could lead to personal health information becoming available to unscrupulous third parties.

Featured News & Stories

Residents working in the simulation center with text detailing that the U-M Medical School has 20+ top residency programs in this year's Doximity rankings.
News Release

U-M boasts 15 top 10 residency programs in latest Doximity Residency Navigator rankings

U-M boasts 15 top 10 residency programs in latest Doximity Residency Navigator rankings
Michigan Medicine Presents in spotlights on blue background
Michigan Medicine Presents

Michigan Medicine Presents: Tommy Wang, M.D., Dean, University of Michigan Medical School

Join MD student Cassie Evans and PhD student Sam Collie for a wide-ranging conversation with Dean Tommy Wang, M.D. As he reflects on his journey to medicine and academic leadership, Dr. Wang shares his perspectives on student well-being, artificial intelligence, education, research and patient care through the lens of his new role as dean of the University of Michigan Medical School.
An older adult's hands holding a smartphone
Health Lab

Are 988 and other mental health crisis lines missing people over 50?

Many people over 50 aren't aware of the 988 mental health crisis line, though some are aware of other crisis lines, suggesting an opportunity to increase awareness and use.
climb sign and family smiling infront
Health Lab

Lung transplant recipient stays active climbing stadium steps and more post-transplant

Doug Wright stayed active until his lung transplant. Now, he is continuing to participate in rigorous physical activity with his donor lungs.
Health Lab Podcast in brackets with a background with a dark blue translucent layers over cells
Health Lab Podcast

Medicare's New GLP-1 Bridge Program

An obesity expert welcomes new Medicare option for access to effective weight loss medication, and shares the new program’s limitations.
Aerial view of University of Michigan Health hospital in Ann Arbor, Michigan.
News Release

University of Michigan Professional Nurse Council reaches tentative agreement with University of Michigan Health

Nurses represented by the University of Michigan Professional Nurse Council (MNA-UMPNC) have reached a tentative, three-year agreement with the University of Michigan Health.