The protected health information of 18,470 patients at Detroit-based Henry Ford Health System (HFHS) may have compromised by a data breach the system first discovered in October.
HFHS said it first learned of the breach after a group of employees’ email credentials, which had been encrypted, were stolen, and those emails contained patient health information.
Social Security and credit card numbers weren’t compromised, the system said, but patient names, birthdates, medical records and information about providers and insurers was breached—though it’s unclear whether any of it has been used inappropriately.
"We are very sorry this happened,” the system said in a press release. “We take very seriously any misuse of patient information, and we are continuing our own internal investigation to determine how this happened and to ensure no other patients are impacted.”
HFHS said it will bolster its security after the breach, including extra training for employees and expanding initiatives around email retention and multi-factor authentication.
“To provide protection to our patients, new medical record numbers will be issued upon request,” the system said.
HFHS spokesperson David Olejarz told the Detroit News there is no criminal investigation into the breach.
John joined TriMed in 2016, focusing on healthcare policy and regulation. After graduating from Columbia College Chicago, he worked at FM News Chicago and Rivet News Radio, and worked on the state government and politics beat for the Illinois Radio Network. Outside of work, you may find him adding to his never-ending graphic novel collection.