Around 34,000 patients have been notified that their health information may have been exposed in a data breach.
Officials said a cyber attacker targeted Michigan Medicine employees with an email "phishing" scam.
As a result of the scam, four Michigan Medicine employees were "lured" to a webpage and entered their Michigan Medicine login information, according to a press release from the health system. That allowed the hacker to access the employees' email accounts.
Michigan Medicine said this happened between August 15 and 23.
Health system officials learned the accounts had been hacked on August 23 and disabled the accounts, Michigan Medicine said.
Some emails and attachments contained identifiable patient information such as names, medical record numbers, addresses, date of birth and other health and insurance related information.
No evidence was uncovered during the investigation to suggest that the aim of the attack was to obtain patient health information from the compromised email accounts, but data theft could not be ruled out, the press release said.
“Patient privacy is extremely important to us, and we take this matter very seriously," Jeanne Strickland, Michigan Medicine's chief compliance officer, said. "Michigan Medicine took steps immediately to investigate this matter and is implementing additional safeguards to reduce risk to our patients and help prevent recurrence."
Affected patients should be notified by mail by October 26, the health system said.
Those concerned about the breach who do not receive a letter may call the toll-free Michigan Medicine Assistance Line: 1-833-814-1736. The university said calls will be answered from 9 a.m. to 9 p.m., Monday through Friday, except holidays.
