Michigan Medicine is notifying approximately 57,891 individuals about an employee email account that was compromised, potentially exposing some patient health information.
One Michigan Medicine employee email account was compromised due to a cyberattack. A Michigan Medicine employee accepted an unsolicited multifactor authentication prompt, which allowed the cyberattacker to access the employee’s email account and its contents. The event occurred on July 30, 2024. The account was disabled as soon as possible so no further access could take place.
During its investigation, Michigan Medicine did not find any evidence to suggest that the aim of the attack was to obtain patient health information, but data theft could not be ruled out. As a result, all the emails involved were presumed compromised and the contents were reviewed to determine if sensitive data about patients was potentially impacted. This analysis took place between August 21, 2024 and August 29, 2024.
Some emails and attachments were found to contain identifiable patient information, such as: names, medical record numbers, and diagnostic and/or treatment information. The emails were job-related communications for treatment and coordination for Michigan Medicine patients. The information involved for each specific patient varied, depending on the particular email or attachment.
As soon as Michigan Medicine learned that the email accounts were compromised, the cyberattacker’s IP address was blocked, and immediate password changes were made so no further access could take place. The email account did not contain any Social Security Numbers, credit card, debit card, or bank account numbers.
Notices were mailed to the affected patients or their personal representatives starting September 26, 2024.