On Aug. 23, the health system learned that hackers were targeting its employees with a phishing scheme in which the hackers lured employees to a webpage designed to get them to enter their Michigan Medicine login information, according to a Oct. 27 breach notification from Michigan Medicine.
Four employees entered their login information and accepted the multifactor authentication prompts, which allowed the hackers to gain access to their Michigan Medicine email accounts.
The health system said it has found no evidence to indicate that the aim of the attack was to obtain patient health information from the compromised email accounts but said data theft could not be ruled out.
The email accounts contained patient information such as names, medical record numbers, addresses, dates of birth, diagnostic and treatment information, and/or health insurance information.
The health system is working to notify all affected individuals and has disbaled the compromised accounts.
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
