Michigan Medicine had protected health information from almost 58,000 individuals compromised following a cyberattack on July 30, according to the Detroit Free Press.
Infiltration of a Michigan Medicine employee account through a malicious multi-factor authentication prompt has enabled attackers to access and exfiltrate emails containing patients' names and medical record numbers, as well as diagnostic or treatment details, said Michigan Medicine. "The emails were job-related communications for treatment and coordination for Michigan Medicine patients. The information involved for each specific patient varied, depending on the particular email or attachment," noted the health system, which emphasized that individuals' Social Security numbers and credit, debit, and bank account numbers were not impacted by the breach. Such a disclosure comes more than two months after Michigan Medicine disclosed the breach of personal data from over 56,000 individuals following a cyberattack in late May. Michigan Medicine has already noted its commitment to bolster MFA education among its employees.
