UPDATED 21:32 EDT / MARCH 03 2022


Patient records exposed in data breach at Michigan Medicine

The data of thousands of patients is believed to have been exposed following a data breach at Michigan Medicine.

The breach began when an employee email account was compromised on Dec. 23. The attacker used the account to obtain information and send phishing emails. However, the employee did not notice that the account had been taken over until Jan. 6, when the incident was reported to Michigan Medicine’s technology department.

Michigan Medicine claims it has no evidence that the attack aimed to obtain patient health information, but data theft cannot be ruled out. At the least, all emails in the account are presumed to have been compromised.

Details in the emails included names, medical record numbers, addresses, dates of birth, diagnostic and treatment information, and health insurance information. The emails were job-related communication for the coordination and care of patients.

Michigan Medicine said that it had placed “additional technical safeguards” on its email system and the infrastructure that supports it to prevent similar incidents from occurring again.

“Patient privacy is extremely important to us, and we take this matter very seriously,” Jeanne Strickland, chief compliance officer of Michigan Medicine, said in a statement.

That may be a stretch, since this is not the first recent incident in which Michigan Medicine has had patient files compromised. The Detroit Free Press reported that a newly hired employee accessed patient records without a business need between Dec. 1 and Jan. 25. Some 269 patients were affected in that case.

“The use of a compromised legitimate email account is a gold mine for cybercriminals,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “Once in an email account, the bad actors will often use the accounts to spread malware, issue fraudulent invoices to customers, demand funds transfers or steal information.”

Kron added that “attacks from legitimate accounts are very effective because these bad actors will often continue previous email conversations with other people in earlier email chains, many email protections focus on email from external sources, and there is an automatic sense of trust when you receive an email from within your own organization.”

Photo: Michigan Medicine
