Michigan Medicine officials say nearly 3,000 affected in data breach

Charles E. Ramirez
The Detroit News

Michigan Medicine is warning nearly 3,000 of its clients that some of their private information may have been accessed by computer hackers.

"Patient privacy is extremely important to us, and we take this matter very seriously," Jeanne Strickland, Michigan Medicine's chief compliance officer, said in a statement. "Michigan Medicine took steps immediately to investigate this matter and is implementing additional safeguards to reduce risk to our patients and help prevent (a) recurrence." 

Michigan Medicine began sending letters about the breach to the affected 2,920 patients Thursday, according to officials.

They said an employee's email account was compromised on Dec. 23 in a cyberattack and used to send out other emails. The employee did not know about the compromise until suspicious activity on Jan. 6. The employee reported it to the health system's information technology department, which disabled the email account.

Officials said they investigated and uncovered no evidence indicating the cyberattack's goal was to obtain patient health information, but data theft could not be ruled out and all of the emails involved were presumed compromised. 

During the investigation, officials found the compromised email contained patient information such as names, medical record numbers, addresses, dates of birth, diagnostic and treatment information, and health insurance information. They said no social security numbers, credit card, debit card or other financial account information was found.

Anyone concerned about the breach and who does not receive a letter may call the Michigan Medicine Assistance Line at (833) 430-2163. Refer to Engagement #B028649 when speaking with an agent. Calls will be answered from 9 a.m to 11 p.m. Monday through Friday and 11 a.m. to 8 p.m. on weekends.