Phishing attack affects 16,000 in Michigan

A phishing attack on an employee's email is the source of a potential data breach affecting 16,000 patients of a Michigan practice.

On July 14, an unauthorized individual gained access to the email account of an employee of Oakland Family Services, a nonprofit human and health services organization based in Pontiac.

The organization learned of the attack the same day. There was no infiltration of the EMR databases, or any other agency email accounts or databases, according to a release. The "rogue user" had access to the account for 23 minutes.

The email account contained protected health information including names, client ID numbers, services dates and types of service provided. Some emails also included birth dates, telephone numbers, addresses, diagnoses, health plan ID numbers, insurance numbers and Social Security numbers.

The incident affects clients seen between April 2007 and July 2015. 

The agency said it immediately terminated the hacker's access to the email account upon learning of the incidence. "We took action within 15 minutes of the intruder gaining access to block him or her from the affected email account and based on this incident, even stronger email protocol has been implemented," said David Partlo, the organization's director of IT.

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.