Twenty-nine employees at Munson Healthcare fell victim to a phishing attack that allowed an unauthorized third party access to patient data, according to the Cadillac News.
In a news release, the Traverse City, Mich.-based health system said officials had noticed suspicious activity in employee email accounts. After an investigation in January, Munson Healthcare determined that the unauthorized third party had access to the email accounts between July 31 to Oct. 22, 2019.
It's unclear how many patients were affected. Patient data that may have been exposed included names, dates of birth, insurance information and treatment information. A limited number of financial account numbers, driver's license numbers and Social Security numbers may have also been affected.
Munson Healthcare did not discipline any of the employees for the phishing attack, according the Cadillac News. Rather, employees underwent additional cybersecurity training. Munson Healthcare also implemented additional technical safeguards to ensure a similar incident doesn't happen again.