Lone Michigan Medicine employee responsible for breach that impacted 58K patients

A phishing scam at University of Michigan Medicine in Ann Arbor resulted in personal information from 57,891 patients being leaked to hackers. 

According to a statement from the academic hospital, a single employee is responsible for the data breach on its network, after they responded to an unauthorized prompt to provide multifactor authentication information to a criminal third party. 

“As soon as Michigan Medicine learned that the email accounts were compromised, the cyberattacker’s IP address was blocked, and immediate password changes were made so no further access could take place,” the hospital added in a statement

The accident caused hackers to gain access to email servers and presumably all of their contents, including file attachments. Potentially exposed data included patient names, medical record numbers, and details on diagnoses and treatments. 

Financial information, such as credit card and social security numbers, were not exposed, Michigan Medicine said. 

The employee responsible for the breach was subjected to disciplinary action, the hospital noted. However, there is no evidence of malice. It’s also not entirely clear what information the unknown hackers were after—and it may not have been patient data at all, Michigan Medicine added. 

The hospital did not provide specifics on how long its email system was compromised. 

In response, Michigan Medicine said it deployed “more stringent technical safeguards” on its email system in an effort to “prevent similar incidents from happening.”

The incident happened on July 30. The investigation was completed on Aug. 29, and now the hospital is notifying impacted individuals. 

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Around the web

When drugs are on the FDA’s shortage list, outsourcing facilities can produce their own compounded versions. When the FDA removed tirzepatide from that list with no warning, it created a considerable amount of chaos both behind the scenes and in pharmacies all over the country. 

If passed, this bill would help clinician-led clinical registries explore Medicare data for research purposes. The Society of Thoracic Surgeons and American College of Cardiology both shared public support for the bipartisan legislation. 

Cardiologists and other physicians may soon need to provide much more information when ordering remote patient monitoring for Medicare patients.

Trimed Popup
Trimed Popup