ANN ARBOR, Mich. (Michigan News Source) – In a troubling cyberattack, Michigan Medicine, a part of the University of Michigan, announced that the email accounts of three employees were compromised in May. The breach potentially exposed the personal information of 56,953 patients. The targeted accounts were swiftly disabled to prevent further access, but the damage was already done.
According to a statement from Michigan Medicine, the cyberattack occurred on May 23rd and May 29th of this year. Patients were notified on Friday, coinciding with unrelated technical issues caused by a global software update glitch from CrowdStrike, a Texas-based cybersecurity firm. This glitch affected multiple sectors, delaying flights and disrupting some healthcare systems, though it was not connected to the cyberattack on Michigan Medicine.
Data leak diagnosis: personal info at risk.
MORE NEWS: Tuscola County Suspect Faces Felony Charges After Firing at MSP Troopers
The investigation into the Michigan Medicine breach revealed that emails in the hacked accounts contained sensitive patient information. This included medical record numbers, addresses, dates of birth, diagnostic and treatment information, and health insurance details. In four instances, Social Security numbers were also compromised. No credit card, debit card, or bank account numbers were exposed in the breach according to the medical center.
Mary Masson, a spokesperson for Michigan Medicine, emphasized that the attack was not ransomware, differentiating it from a previous cyber incident in May that crippled Ascension Health’s electronic medical records system. The latest attack appeared to be aimed at gaining remote access to email accounts.
Firewall fixes: strengthening cybersecurity.
Michigan Medicine responded swiftly to mitigate the breach. The compromised accounts were blocked and passwords were changed immediately to prevent further unauthorized access. The health system also conducted a thorough review to determine the extent of the data compromised.
In response to the attack, Michigan Medicine is implementing stronger cybersecurity measures. This includes enhancing employee training on social engineering attacks, emphasizing the importance of strong, unique passwords, and fortifying existing security protocols. Jeanne Strickland, Michigan Medicine’s Chief Compliance Officer, highlighted the critical importance of patient privacy and the institution’s ongoing efforts to safeguard against such threats.
Patient precautions: monitoring and assistance.
Affected patients were notified starting July 19, 2024, and those concerned about the breach can contact the Michigan Medicine Assistance Line at 1-888-409-7484. Patients are advised to monitor their medical insurance statements for any signs of fraudulent activity.
Leave a Comment
COMMENTS POLICY: We have no tolerance for messages of violence, racism, vulgarity, obscenity or other such discourteous behavior. Thank you for contributing to a respectful and useful online dialogue.