Michigan Medicine discovered suspicious activity in the three email accounts July 8. Employees were immediately instructed to reset passwords to prevent further unauthorized access.
There has been no evidence that patient information has been misused. Information in the compromised email accounts included patient names, addresses, dates of birth, medical record numbers, diagnostic information, treatment information, health insurance information and a limited number of Social Security numbers.
Since the incident, Michigan Medicine has adopted additional technical safeguards to improve email security. Employees will also go through additional training to improve security awareness, reports the HIPAA Journal.
More articles on cybersecurity:
3 email cybersecurity vulnerabilities specific to healthcare
Ohio ophthalmology practice hit by ransomware attack
NYC fire department loses external storage device with 10,000+ patients’ information
