In a news release, the Traverse City, Mich.-based health system said officials had noticed suspicious activity in employee email accounts. After an investigation in January, Munson Healthcare determined that the unauthorized third party had access to the email accounts between July 31 to Oct. 22, 2019.
It’s unclear how many patients were affected. Patient data that may have been exposed included names, dates of birth, insurance information and treatment information. A limited number of financial account numbers, driver’s license numbers and Social Security numbers may have also been affected.
Munson Healthcare did not discipline any of the employees for the phishing attack, according the Cadillac News. Rather, employees underwent additional cybersecurity training. Munson Healthcare also implemented additional technical safeguards to ensure a similar incident doesn’t happen again.
More articles on cybersecurity:
Texas provider alerts 6,500 patients of phishing attack
Connecticut payer alerts 1,100 members of phishing attack
10 tips for hospitals to mitigate ransomware attacks
