Skip to main content
Michigan’s nonpartisan, nonprofit news source

We need your vote!

During this important election year, Bridge readers like you know that high-quality journalism like ours is more critical than ever. There’s a lot on the line, and we’re working daily to deliver the information you need to prepare you for November’s election. Can we count on your vote of confidence in our newsroom? Donate today!

Pay with VISA Pay with MasterCard Pay with American Express Pay with PayPal Donate

Michigan Medicine latest health care system to be hit by cyberattack

Hacker with malware code in computer screen.
Hackers have been increasingly able to reach sensitive patient information. (Shutterstock)
  • Email accounts of three Michigan Medicine employees were hacked in May
  • An investigation found that emails in those accounts contained personal information for nearly 57K patients
  • Patients were notified beginning Friday — the same day that the health system and others wrangled unrelated computer glitches caused by a software update

Patient information for nearly 57,000 people may have been shared during the latest health care-related cyberattack in Michigan.

Hackers accessed emails of three employees at Michigan Medicine, part of the University of Michigan, May 23 and May 29, and those accounts were “were disabled as soon as possible so no further access could take place,” according to a statement Monday.

Sponsor

Patients began to be notified Friday, but the attack was unrelated to “technical issues” the hospital system reported that same day from the global CrowdStrike outages.The CrowdStrike problems were linked to a software update by the Texas-based global cybersecurity firm. In addition to delaying flights and interrupting some business operations, the glitch took down some phone lines and snarled some health care systems.

But the cyberattack on Michigan Medicine, where emails were hacked twice in 2022, was intentional. In the most recent attack, email accounts were accessed remotely, according to Mary Masson, spokesperson for the health system.

Related:

It was not clear whether investigators were able to identify the source of the attack. Masson said it was not ransomware, like the May attack that took down the electronic medical records system at Ascension health, a national chain that operates 15 Michigan hospitals and 40 senior living facilities in Michigan. That attack hobbled the system for weeks.

While it did not appear that whoever attacked Michigan Medicine was trying to obtain patient health information, “data theft could not be ruled out,” according to the statement.

All emails “were presumed compromised,” according to the statement.

During a review that took more than two weeks in June to complete, reviewers identified emails that contained medical record numbers, addresses, dates of birth, diagnostic and treatment information, or health insurance information. In four cases, a patient’s Social Security number was involved.

No credit card, debit card or bank account numbers were compromised, according to the health system.

Sponsor

It took some time for the hospital system to alert patients as the investigation took place, Masson said.

“While we were able to stop the threat actor very quickly, it takes longer to analyze the data involved … Following a full data analysis, we finalized the review and determined that identifiable protected health information pertaining to 56,953 patients was involved,” she told Bridge Michigan.

Michigan Medicine includes three hospitals, as well as about 30 health centers and 120 outpatient clinics.

Anyone concerned about the breach who does not receive a letter may call the toll-free Michigan Medicine Assistance Line: 1-888-409-7484. Calls will be answered Monday through Friday, 9 a.m. to 9 p.m. EDT.

How impactful was this article for you?

Michigan Health Watch

Michigan Health Watch is made possible by generous financial support from:

Please visit the About page for more information, and subscribe to Michigan Health Watch.

Only donate if we've informed you about important Michigan issues

See what new members are saying about why they donated to Bridge Michigan:

  • “In order for this information to be accurate and unbiased it must be underwritten by its readers, not by special interests.” - Larry S.
  • “Not many other media sources report on the topics Bridge does.” - Susan B.
  • “Your journalism is outstanding and rare these days.” - Mark S.

If you want to ensure the future of nonpartisan, nonprofit Michigan journalism, please become a member today. You, too, will be asked why you donated and maybe we'll feature your quote next time!

Pay with VISA Pay with MasterCard Pay with American Express Pay with PayPal Donate Now