Michigan Medicine reports year's second data breach impacting 57k people

For the second time this year, Michigan Medicine is dealing with a leak of sensitive data, notifying tens of thousands of people about an employee email being compromised due to a cyber attack.

The employee accepted an unsolicited prompt, which allowed hackers access to their email account and its contents. 

The data leak happened on July 30, a week after the health care system reported they were dealing with a separate cyber attack that impacted approximately 56,000 employees and patients. That breach took place in late May.

In the latest case, an investigation could not determine if stealing data was the goal of the attack, but found no evidence to suggest obtaining patient information was the aim.

A review of the compromised information took place in late August and Michigan Medicine notified 57,891 people on Sept. 26.

Among the pieces of data that were included in the compromised email was identifiable patient information such as names, medical record numbers, and treatment information. 

In a news release, the hospital chain apologized for the incident and said it was implementing more safeguards in its email system to make sure similar cases don't take place.

"Patient privacy is of the utmost importance. At Michigan Medicine, we continue to be vigilant as cyberattacks become more and more sophisticated," said Jeanne Strickland, the chief compliance officer of Michigan Medicine. "We will analyze this incident and review our safeguards and make changes if needed to protect those we care for." 

Related

McLaren Health Care: Operations back to normal after cyberattack

McLaren is still working with cybersecurity experts to determine whether any patient or employee information was breached.

Data BreachesAnn ArborHealth