Beaumont Health says 112K patients were impacted by data breach

Beaumont Health System said a data security incident happened impacting 112,000 people where an unauthorized third-party accessed some employee accounts containing patient information last year.

The emails that were accessed had personal information like name, date of birth, diagnosis, diagnosis code, procedute, treatement location, treatment type, prescription information, Beaumont patient account number and medical record numbers.

"A limited number of individuals’ Social Security numbers, financial account information, health insurance information, and driver's license or state identification numbers were also contained in the impacted email accounts," the release said. "This incident does not affect all patients of Beaumont and not all of these identifiers were included for each notified individual."

Beaumont, which alerted patients Friday, said it became aware on March 29 that the email accounts were accessed between May 23, 2019 to June 3, 2019. 

The healthy system said the investigation did not reveal if any information was taken by the third party, according to a release. 

"Our investigation was unable to determine definitively if any information was actually acquired by the unauthorized third party, and Beaumont has no knowledge of any inappropriate or misuse of any data. Beaumont’s electronic medical record system was not impacted by this incident and remains secure. However, out of an abundance of caution, we are issuing notices to anyone whose information may have been contained in the accessed accounts."

For further questions or additional information regarding this incident, or to determine if you may be impacted by this incident, a dedicated toll-free response line has been set up at 888-921-0518. The response line is available Monday through Friday, 9:00 a.m. to 6:30 p.m. Eastern Time.

The release continues to say, "Beaumont has taken steps to improve internal procedures to identify and remediate future threats in order to minimize the risk of a similar incident in the future, including implementing additional technical safeguards and providing additional training and education to Beaumont employees on identification and handling of malicious emails. Notified patients should monitor insurance statements for any transactions related to care or services that have not actually been received."