September 27, 2023

Michigan Medication customers of about 34k received notifications that their health information was possibly exposed in a data breach.

Threat actors used a phishing scam to compromise employee email accounts which led the health system to alert 33,850 patients of the exposure.

Advertisements

The campaign was conducted between Aug. 15-23, when employees were lured to a webpage designed to get them to submit Michigan Medicine login information, adding four employee email accounts were accessed.

The health system discovered the email accounts were compromised on Aug. 23. Those accounts were disabled to prevent further access by the cyber attacker.

The information in email accounts included identifiable patient information such as name, medical record number, address, date of birth, diagnostic and treatment information and health insurance information, adding the owners of the email accounts used the information for job-related functions.

Advertisements

The email accounts did not contain any credit card, debit card or bank account numbers, officials said. One patient received a separate notice because their Social Security Number was involved.

This is the second reported data breach of 2022, as about 3,000 patients were affected by a different breach in March.

Tags:

Leave a Reply

You may have missed

BORN Canada latest victim of MoveIT data breach

September 27, 2023

Hardware Supply Chain Risk Assessment from CISA

September 27, 2023

Sony attack – Ransomed.vc claims responsibility

September 26, 2023

Chrome Zeroday – CVE-2023-4863 PoC Exploit Released

September 25, 2023

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023
%d bloggers like this: