July 24, 2024 at 10:42AM
Michigan Medicine, the University of Michigan’s academic medical center, is notifying 57,000 individuals about a data breach. Threat actors gained access to employee email accounts, potentially compromising personal and health information. Though no evidence of patient data theft was found, sensitive information like names, addresses, and medical record numbers may have been exposed. Measures have been taken to enhance security and notify affected individuals.
Key takeaways from the meeting notes:
– Michigan Medicine is notifying 57,000 individuals about a data breach affecting their personal and health information.
– Threat actors gained access to employee email accounts on May 23 and May 29, resulting in the compromise of sensitive data.
– Michigan Medicine’s investigation did not find evidence of the attack aiming to obtain patient health information, but data theft couldn’t be ruled out.
– Potentially exposed information includes names, addresses, dates of birth, medical record numbers, diagnostic and treatment information, and health insurance information.
– No credit card or bank account numbers were compromised, but the Social Security numbers of four patients were exposed.
– Michigan Medicine has taken measures to block the attacker’s IP address, change passwords, improve email and password security, and plans to train employees on security awareness.
– Notices have been sent to affected patients and guarantors starting July 19, 2024.