ANN ARBOR, Mich. (Michigan News Source) — Michigan Medicine reported that the health information of nearly 58,000 patients may have been exposed in a cybersecurity breach. It marks the latest in a string of cyberattacks targeting Detroit healthcare systems.

When did the breach occur?

The breach, which occurred on July 30, was the result of an employee mistakenly approving a fraudulent multifactor authentication (MFA) prompt. This misstep allowed a hacker to access the employee’s email account, Michigan Medicine said in a statement. Although there is no evidence the attacker intentionally sought patient information, the possibility of “data theft could not be ruled out.”

MORE NEWS: Taco Restaurant Owner Faces $823K Penalty for Unpaid Wages and Damages

The compromised account contained email communications related to patient care, including sensitive information such as names, medical record numbers, and details of medical diagnoses and treatments. While financial data, such as Social Security numbers and banking details, were not involved in the breach, Michigan Medicine has encouraged affected patients to monitor their insurance statements for any unusual activity.

Patients are being notified.

Michigan Medicine began notifying the 57,891 affected patients on September 26, offering guidance and resources, including a toll-free assistance line for those seeking more information. The health system has also taken steps to reinforce its cybersecurity protocols, including shortening email retention periods, tightening identity verification processes, and enhancing employee training on cybersecurity threats.

It’s not an isolated problem.

This breach is one of several cybersecurity incidents to hit Michigan healthcare providers in 2024. Michigan Medicine was the victim of a similar attack earlier this year, affecting the personal data of over 56,000 patients. Other major health systems, including Corewell Health, McLaren Health, and Ascension, have also experienced breaches, with Corewell reporting incidents affecting over 1 million patients in 2023.

Jeanne Strickland, chief compliance officer for Michigan Medicine, emphasized that patient privacy remains a top priority for the health system. 

“Michigan Medicine immediately took steps to investigate this matter, once alerted to the possibility of patient data being exposed. We constantly monitor for cyberattacks such as these because patient privacy is so extremely important to us,” Strickland said in a statement.