Data theft can't be ruled out in Michigan medicine data breach, officials say

ANN ARBOR, Mich. (FOX 2) - At least one patient's social security number was involved in a data breach that occurred at Michigan Medicine over the summer after a cyberattack targeted employee information at the hospital. 

The University of Michigan-affiliated hospital said that four separate employees entered their login information, allowing the hacker to gain access to the email accounts. The breach happened on Aug. 15 and wasn't discovered until the 23rd.

Michigan Medicine said the attack didn't appear to be for obtaining patient health information but that a data theft could not be left out. Some emails and attachments that were in the breach included patients' names, medical record number, address, date of birth, treatments, and health insurance information. 

None of the emails that were breached had credit card, debit card, or bank account information.

Michigan Medicine said it disabled the email accounts connected to the breach and completed its review of the breach on Oct. 17.

Any affected patients will be notified by a letter, which were sent out over the past week.

"Patient privacy is extremely important to us, and we take this matter very seriously. Michigan Medicine took steps immediately to investigate this matter and is implementing additional safeguards to reduce risk to our patients and help prevent recurrence," said Jeanne Strickland, Michigan Medicine chief compliance officer.

Other safeguards were also put in place to further protect the infrastructure in Michigan Medicine's system, the hospital said in a release.