Nearly 57,000 patient records from the University of Michigan Medicine system were potentially exposed to cyber criminals.
In yet another story of a security breach at a large health system, Michigan Medicine issued a statement Monday saying it was notifying approximately 56,953 individuals about the breach and subsequent information exposure.
According to the statement, three Michigan Medicine employee email accounts were compromised in the cyberattack. The events reportedly occurred on May 23 and May 29, 2024.
The health provider and academic institution statement says some emails and attachments were found to contain identifiable patient and/or insurance guarantor information, such as: names, medical record numbers, addresses, dates of birth, diagnostic and treatment information, and/or health insurance information. The emails were apparently job-related communications for payment and billing coordination for Michigan Medicine patients and information involved for each specific patient varied, depending on the particular email or attachment.
Michigan Medicine officials say the accounts were disabled as soon as possible so no further access could take place and the email accounts did not contain any credit card, debit card, or bank account numbers. The statement indicates four patients received separate notice because their Social Security Numbers were involved in the breach.
The statement says notices were mailed to the affected patients and/or guarantors or their personal representatives starting July 19, 2024. Those concerned about the breach who do not receive a letter may call the toll-free Michigan Medicine Assistance Line: 1-888-409-7484. Calls will be answered Monday through Friday, 9 am to 9 pm (Eastern Time).
