Michigan Medicine reports data breach exposing 57k patients

Michigan Medicine, the academic medical center affiliated with the University of Michigan, has reported a data breach impacting approximately 57,000 individuals.

The breach involved unauthorized access to employee email accounts on May 23 and May 29, 2024. Upon detection, the compromised accounts were disabled and the attacker’s IP address was blocked.. The email accounts contained job-related communications primarily focused on payment and billing coordination for Michigan Medicine patients. The specific information exposed varied per email or attachment.

Exposed Information:

• Names
• Addresses
• Dates of birth
• Medical record numbers
• Diagnostic and treatment information
• Health insurance information

Additionally, the Social Security numbers of four patients were compromised, but no credit card, debit card, or bank account numbers were affected.

Michigan Medicine has initiated notifications to the affected individuals, with letters sent starting July 19, 2024.