Henry Ford Health notified 168,000 patients that a phishing scheme, conducted by an unauthorized party, may have compromised their protected health information.
On March 30, the Detroit-based health system said, the unauthorized party conducted a phishing scheme to access its business email accounts. The accounts contained patients' protected health information in its email boxes, according to a July 14 breach notification from Henry Ford.
The protected health information compromised includes: names, gender, dates of birth, age, lab results, procedure types, diagnoses, dates of service, telephone numbers, medical record numbers and/or internal tracking numbers.
The health system said it would be adding additional security measures and further training for employees to prevent another incident like this from occurring.