Michigan Medicine leaks info of 1,015 patients via postcard mailings
Learn More
Michigan Medicine, the medical center of the University of Michigan, is reporting a privacy breach that exposed information for 1,015 individuals.
The incident was caused by an administrative oversight when research study recruitment postcards were mailed without protective envelopes on June 27, 2025. The University of Michigan's Institutional Review Board, which is responsible for oversight of human subjects involved in medical research, mistakenly approved mailing the postcards without the required protective envelopes.
The postcards were intended to inform eligible patients about research opportunities but inadvertently became a vector for protected health information disclosure when sent through standard mail channels without appropriate privacy safeguards.
Exposed data includes
- Protected health information (limited amount)
- Personal details sufficient to identify individuals for research study participation
- Medical information relevant to research study eligibility criteria
The affected individuals were notified of the breach on on August 14, 2025. "We take patient privacy very seriously, and we regret this incident," said Jeanne Strickland, Michigan Medicine chief compliance officer, in a statement. "Whenever situations like this occur, we immediately take steps to investigate.
Affected individuals have been advised to contact the Michigan Medicine Assistance Line at 833-353-4105, which operates from 9 a.m. to 9 p.m., Monday through Friday, for any concerns or questions about the incident.
