Michigan Medicine, formerly known as the University of Michigan Health Center, is located in Ann Arbor, Michigan. The name was changed in 2017 and remains an academic medical institution.
The breach was a targeted attack that resulted in thousands of patients becoming victims. “No evidence was uncovered during the investigation to suggest that the aim of the attack was to obtain patient health information from the compromised email accounts, but data theft could not be ruled out,” stated the University of Michigan Health website.
The breach occurred when an unauthorized party gained access to employee emails that may have contained sensitive patient information. The employees were prompted to “authenticate” themselves via a phishing scam, thus falling victim to this attack that affected more than 33,000 patients.
This breach began on August 15th, 2022, and ended on August 23rd, 2022.
The breach impacts certain Michigan Medicine patients. The accessed information includes names, addresses, birthdays, medical record numbers, diagnosis and treatment data, and/or health insurance information. The information in the emails varied by the patient, meaning that particular victims may have more or less compromised data than the list above.
The breach affects approximately 33,850 people and files. These people are now facing identity theft as a genuine threat. Of course, the victims can take steps to protect themselves; while no system is flawless, it’s always better to take extra precautions!