ANN ARBOR, Mich. (CBS Detroit) -- Michigan Medicine notified about 2,920 patients that their health information may have been exposed.
Officials say the breach is linked to an employee's email account being compromised, resulting in a cyber attacker gaining access and using the account to send phishing emails.
The employee, the said, learned of the compromise when suspicious activity happened on Jan. 6. The employee immediately reported the issued to the hospital IT department and the email was disabled.
Officials say some emails and attachments were found to contain identifiable patient information such as names, medical record numbers, addresses, dates of birth, diagnostic and treatment information, and/or health information. No social security numbers, credit card, debit card, or other financial account information was discovered.
The emails were job-related communications for coordination and care of patients. Information on a specific patient varied, depending on a particular email or attachement.
"No evidence was uncovered during our investigation to suggest that the aim of the attack was to obtain patient health information, but data theft could not be ruled out," read a press release from Michigan Medicine. "As a result, all of the emails involved were presumed compromised. The contents were reviewed to determine if sensitive data about any patients was potentially impacted. This analysis took place between January 31 through February 15, 2022."
Officials say notices were mailed to patients impacted and their representatives beginning March 3. Any patient who is concerned about the breach and did not receive a letter can call the toll-free Michigan Medicine Assistance Line at 833-430-2163. They should refer to Engagement #B028649 when talking to an agent.
© 2022 CBS Broadcasting Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.
for more features.