An employee's email was compromised at Ann Arbor-based Michigan Medicine last year, potentially exposing the protected health information of 2,920 patients, the health system said this week.
The email account was compromised Dec. 23, when a cyberattacker gained access to and used the account to send phishing emails, the health system said in a March 3 news release.
The employee learned about the breach when suspicious activity occurred Jan. 6 and immediately reported the situation to the health system's information technology department, the health system said. The email account was disabled and password changes were made.
During Michigan Medicine's investigation, no evidence was found to suggest that the aim of the attack was to obtain patient health information, but the health system said all of the emails involved are presumed compromised.
Patient information that may have been accessed as a result of the incident includes names, medical record numbers, addresses, dates of birth, diagnostic and treatment information and health insurance information.