kras99 - stock.adobe.com
Michigan Medicine Notifies 33K Patients of Phishing Attack
Four Michigan Medicine employees fell victim to the phishing attack, enabling unauthorized access to their email accounts.
Michigan Medicine notified 33,850 patients of a phishing attack that may have exposed their health information. A cyber attacker targeted Michigan Medicine in August 2022 with a scam that lured employees to a webpage that got them to enter their login information.
As a result, four Michigan Medicine employees entered login information and accepted multifactor authentication prompts, enabling the attacker to access their email accounts. Michigan Medicine said it immediately disabled the accounts upon discovery.
“No evidence was uncovered during the investigation to suggest that the aim of the attack was to obtain patient health information from the compromised email accounts, but data theft could not be ruled out,” the notice stated.
Some email accounts contained patient names, addresses, birth dates, treatment information, medical record numbers, and health insurance information.
“Patient privacy is extremely important to us, and we take this matter very seriously. Michigan Medicine took steps immediately to investigate this matter and is implementing additional safeguards to reduce risk to our patients and help prevent recurrence,” Jeanne Strickland, Michigan Medicine chief compliance officer, said in the statement.
Michigan Medicine noted that it had already implemented robust training programs to prevent phishing, and the four employees who fell for the scam had taken part in that training and will be “subject to disciplinary action under Michigan Medicine policies and procedures.”
Wisconsin Department of Health Services Breach Impacts 12K
The Wisconsin Department of Health Services (DHS) informed 12,358 individuals that their protected health information (PHI) was potentially involved in a data breach that occurred because a presentation containing PHI was emailed to employees and posted on the department’s website.
The presentation was emailed to the DHS Children’s Long-Term Support Council in April 2021 and forwarded to county employees as part of the department’s meeting minutes. It is unclear why PHI was utilized for the meeting minutes.
“Information that was potentially exposed includes the first and last name, date of birth, gender, county location, Wisconsin Medicaid member ID number, and social security number of affected members of Wisconsin Medicaid,” the Department stated.
DHS discovered the incident on August 8 and immediately removed the minutes from the website, replacing it with a PDF version that revoked access to PHI. In addition, DHS took action to confirm that individuals who received the presentation via email had deleted it.
DHS notified the individuals in October and offered them free credit monitoring services.
Riverside Medical Group Breach Impacts Legacy Server
Riverside Medical Group (RMG) suffered a breach that impacted an independent legacy server at its West Orange, New Jersey clinic. The breach impacted 12,499 individuals. The server was maintained by one provider who used it to maintain some of his patients’ immunization records, the notice explained. RMG said it was unaware of any misuse of information.
“However, we are providing notice to you out of an abundance of caution, because your information was available on the server, and potential access or acquisition of the information, before the server was locked down, could not be definitively ruled out,” the notice continued.
The information on the server potentially included names, gender, phone numbers, email addresses, immunization records, dates of birth, provider information, health plan information, and some Social Security numbers.
“We deeply regret this incident and sincerely apologize for any inconvenience or concern it may cause. Upon discovery, we took prompt action to lock down and disable the impacted server,” RMG said.
“We also began an investigation to understand the scope of the incident, confirming that other RMG systems and servers were unaffected.”