The personal information of 112,000 people who were treated at Beaumont Health was potentially compromised in a phishing email data breach that dates back nearly a year, the state’s largest hospital system announced Friday.
Among the details that may have been leaked to “an unauthorized third party” include names, dates of birth, Social Security numbers, medical conditions, and in some cases, bank account information and driver’s license numbers.
The eight-hospital health system said it worked with external forensic cybersecurity experts to investigate the data breach, and notified those who were affected Friday by mail.
- The latest:Â Michigan coronavirus map, locations, updated COVID-19 news
- What Michigan’s new coronavirus stay-at-home executive order means
- When Michigan unemployment, stimulus checks, and $600 CARES money will arrive
Beaumont discovered in late March that employee email accounts had been accessed May 23-June 3, 2019 by a third party, potentially compromising such patient information as name, date of birth, diagnosis, diagnosis code, procedure, treatment location, treatment type, prescription information, Beaumont patient account number, and Beaumont medical record number.
For a smaller group of people — roughly 460, Beaumont spokesman Mark Geary said — Social Security numbers, financial account information, health insurance information, and driver’s license or state identification numbers also were compromised.
Stories from the front
Bridge Magazine, Detroit Free Press and Michigan Radio are teaming up to report on Michigan hospitals during the coronavirus pandemic. We will be sharing accounts of the challenges doctors, nurses and other hospital personnel face as they work to treat patients and save lives. If you work in a Michigan hospital, we would love to hear from you. You can contact reporters Robin Erb rerb@bridgemi.com at Bridge, Kristen Jordan Shamus kshamus@freepress.com at the Free Press and Kate Wells katwells@umich.edu at Michigan Radio.
Those 460 patients had some type of financial information impacted and all were offered credit monitoring, except 10 patients who are now deceased.
The remainder of the patients only had clinical information disclosed, such as diagnosis, treatment, medical record number, and/or prescription information.
Beaumont said the 112,000 people affected in the security breach accounts for less than 5 percent of the 2.3 million patients the health system serves.
To prevent further risks, Beaumont says it has put in place new technical safeguards and is training and educating employees about identifying and handling malicious emails.
Those whose information may have been compromised are encouraged to monitor insurance statements and accounts for suspicious activity.
Anyone with questions can call 888-921-0518 from 9 a.m.-6:30 p.m. Monday-Friday.
Contact Kristen Jordan Shamus: 313-222-5997 or kshamus@freepress.com.
RESOURCES:
- Hey, Michigan, here’s how to make a face mask to fight coronavirus
- Michigan coronavirus dashboard: cases, deaths and maps​
- Michigan families can get food, cash, internet during coronavirus crisis
- How to give blood in Michigan during the coronavirus crisis
- 10 ways you can help Michigan hospital workers right now
- Michigan coronavirus Q&A: Reader questions answered
- How to apply for Michigan unemployment benefits amid coronavirus crisis
Republish our articles for free, online or in print, under our Republication Guidelines. Questions? Email republishing@bridgemi.com
