For the second time this year, Michigan Medicine suffered a data breach.
The Ann Arbor-based health system contacted 33,850 patients in the past week after a cyberattack in August gained access to staff email accounts and potentially exposed information patient health information, Michigan Medicine said in a press release.
Four Michigan Medicine employees were caught up in an August 15 to 23 scam that lured them to a website that asked for login information and a fake multi-factor authentication prompt. The health system became aware of the August 23 cyberattack and disabled the email accounts.
Michigan Y.
Some emails contain patient information, such as name, medical record number, address, date of birth, treatment information and health insurance data, the system said in a press release.
A patient’s Social Security number was involved.
Michigan Medicine said it completed the patient notice on Wednesday
“Patient privacy is extremely important to us and we take it very seriously,” Jeanne Strickland, chief compliance officer for Michigan Medicine, said in a press release. “Michigan Medicine has taken immediate steps to investigate this issue and is taking additional protective measures to reduce the risk to our patients and help prevent disease recurrence.”
Cyberattacks have been a growing concern for businesses for a decade and are a growing problem for the healthcare industry, which handles too much sensitive information.
In March, Michigan Medicine notified nearly 3,000 patients of a breach of their health information data from a similar scam.
Download the Modern Healthcare app to stay up to date with industry news.
Also in March, Ascension Michigan – a subsidiary of Ascension Health based in St. Louis, which operates four hospitals in the state – announced a data breach that exposed the personal information of more than 27,000 patients.
More than 550 US hospitals reported data breaches in 2021, exposing the information of more than 40 million patients, according to data from the US Office of Health and Human Rights.
The biggest data breach last year was from Florida health plan Healthy Kids Corp., which experienced a breach that exposed the information of 3.5 million members. Florida’s 20/20 Eye Care Network also reported a breach affecting 3.3 million members.
The company Kroger also reported a breach last year that exposed the data of 1.5 million customers as part of a breach against software service provider Accelion. Approximately 1,500 patients with Beaumont Health, now Corewell Health, were affected by the Accelion breach.
This story first appeared in our sister publication, Crain’s Detroit Business.
