Security Affairs reports that Michigan Medicine had the personal and health information of 56,953 patients compromised following a cyberattack in late May.
Infiltration of Michigan Medicine's employee email accounts on May 23 and 29 enabled the exfiltration of individuals' names, birthdates, addresses, medical record numbers, diagnostic and treatment details, and health insurance information, as well as the Social Security numbers of four patients, said Michigan Medicine in a data breach notice. "The exposed emails were part of a job-related communications concerning payment and billing coordination for patients," added the notification, which emphasized that the incident did not impact debit card, credit card, or bank account numbers. All impacted employee email accounts have already been deactivated and subjected to a forced password reset by the University of Michigan's academic medical center, which also moved to block the threat actors' IP address to avert further compromise.
