(WXYZ) — Michigan Medicine said Thursday that compromised employee email accounts may have exposed the health information of about 33,850 patients.
“Patient privacy is extremely important to us, and we take this matter very seriously. Michigan Medicine took steps immediately to investigate this matter and is implementing additional safeguards to reduce risk to our patients and help prevent recurrence,” said Jeanne Strickland, Michigan Medicine chief compliance officer, in a press release.
The health system said in a press release that from August 15 through August 23, Michigan Medicine employees were targeted with a phishing scam through their email.
The cyber attacker reportedly got employees to go to a website to enter their Michigan Medicine login information. Four employees were impacted by the scam, according to Michigan Medicine.
After learning of the attack in August, Michigan Medicine said the accounts were disabled.
Michigan Medicine officials said they do not believe the attack was meant to obtain patient information, but that data theft could not be ruled out. A review was underway and completed on October 17. Patients who were impacted will reportedly be notified by letter.
Some patient information that may have been compromised include: Name; medical record number; address; date of birth; diagnostic and treatment information; and/or health insurance information.
Michigan Medicine says additional technical safeguards were put in place to help prevent similar incidents from happening in the future.
Concerned patients can call the Michigan Medicine Assistance Line: 1-833-814-1736. Calls will be answered from 9 a.m. to 9 p.m. (Eastern Time), Monday through Friday, except holidays.