"Patient privacy is extremely important to us, and we take this matter very seriously. Michigan Medicine took steps immediately to investigate this matter and is implementing additional safeguards to reduce risk to our patients and help prevent recurrence," Jeanne Strickland, Michigan Medicine's chief compliance officer, said in a statement.
Michigan Medicine began sending letters about the breach to the affected 2,920 patients Thursday, according to officials.
They said an employee's email account was compromised Dec. 23 in a cyber attack and used to send out other emails. The employee did not know about the compromise until suspicious activity on Jan. 6. The employee reported it to the health system's information technology department, which disabled the email account.
Officials said they investigated and uncovered no evidence indicating the cyber attack's goal was to obtain patient health information, but data theft could not be ruled out and all of the emails involved were presumed compromised.
During the investigation, officials found the compromised email contained patient information such as names, medical record numbers, addresses, dates of birth, diagnostic and treatment information and health insurance information. They said no social security numbers, credit card, debit card or other financial account information was found.
Anyone concerned about the breach and who does not receive a letter may call the Michigan Medicine Assistance Line at (833) 430-2163. Refer to Engagement # B028649 when speaking with an agent. Calls will be answered 9 a.m- 11 p.m. Monday through Friday and 11 a.m.-8 p.m. on weekends.
©2022 The Detroit News, Distributed by Tribune Content Agency, LLC.
