What organization was affected by the cyberattack?

Michigan Medicine experienced a cyberattack on July 30, 2024, that compromised an employee’s email account and potentially exposed sensitive patient information.

What type of data was exposed in the Michigan Medicine cyberattack?

The exposed data included names, medical record numbers, and diagnostic and treatment information for 57,891 individuals.

When did Michigan Medicine notify affected individuals?

Michigan Medicine began sending notices to affected individuals starting on September 26, 2024.

Incident

Michigan Medicine reports second data breach of the year, 58K patients exposed

Q: How did the breach occur?

The breach occurred when an employee accepted an unsolicited multifactor authentication prompt, allowing an attacker to access the account's contents.

Q: When was the investigation of the breach conducted?

The investigation was conducted from August 21-29, 2024.

Q: Has Michigan Medicine experienced other cyberattacks recently?

Yes, this is the second cyberattack at Michigan Medicine within four months, following a breach in May 2024 that exposed the personal information of over 56,000 individuals.

published: Sept. 26, 2024

Take action: Spamming MFA prompts is a thing - an attacker that has guessed your password will repeat attempts to request MFA access from you. If you are using a mobile app where you need to just click yes, it's very easy not to pay attention and click yes. Especially during the night, when the prompt wakes you up. If you receive unexpected MFA requests, don't accept and immediately reset your password.

Learn More

Michigan Medicine reports that on July 30, 2024 they have experienced a cyberattack that compromised an employee’s email account, leading to the potential exposure of sensitive patient information.

The breach occurred when the employee accepted an unsolicited multifactor authentication prompt, allowing the attacker access to the account's contents.

The compromised account contained emails and attachments related to patient care, and the investigation confirmed that data for 57,891 individuals was potentially exposed.

The exposed data included:

Names
Medical record numbers
Diagnostic and treatment information

The investigation was conducted from August 21-29, 2024, and notices were sent to affected individuals starting on September 26, 2024.

This marks the second cyberattack at Michigan Medicine within four months, following a breach in May 2024 that exposed the personal information of over 56,000 individuals.

Michigan Medicine reports second data breach of the year, 58K patients exposed

Read More
Synergy Healthcare Services reports Data Breach exposing 58k …
Baylor Scott & White Texas Spine & Joint …
HCF Management nursing homes reports data breach
SafePay Ransomware gang claims breach on Waterford Surgical …
NorthBay Healthcare Corporation reports data breach exposing half …