Sandusky, Mich.-based McKenzie Health System notified patients that a cybersecurity incident had exposed their personal health information and disrupted some of its IT systems.
According to McKenzie Health System's website, on March 11, the health system identified that an unauthorized party accessed its systems, removing files that contained patients' personal information.
An investigation, conducted April 22, determined that the following patient information was obtained: names, contact information, demographic information, dates of birth, Social Security numbers, diagnosis and treatment information, prescription information, medical record numbers, provider names, dates of service, and health insurance information.
The health system also said the cybersecurity incident disrupted the operations of some of its IT systems.
McKenzie Health System's did not specify how many patients were affected by the breach.
To mitigate any further cybersecurity incidents, the health system said it has implemented additional safeguards and technical security measures to further protect and monitor its systems.