Ann Arbor-based Michigan Medicine is notifying 33,850 patients that some of their personal health information may have been compromised due to a phishing scheme that targeted employees' email accounts.
On Aug. 23, the health system learned that hackers were targeting its employees with a phishing scheme in which the hackers lured employees to a webpage designed to get them to enter their Michigan Medicine login information, according to a Oct. 27 breach notification from Michigan Medicine.
Four employees entered their login information and accepted the multifactor authentication prompts, which allowed the hackers to gain access to their Michigan Medicine email accounts.
The health system said it has found no evidence to indicate that the aim of the attack was to obtain patient health information from the compromised email accounts but said data theft could not be ruled out.
The email accounts contained patient information such as names, medical record numbers, addresses, dates of birth, diagnostic and treatment information, and/or health insurance information.
The health system is working to notify all affected individuals and has disbaled the compromised accounts.