Around 3,200 Ann Arbor-based Michigan Medicine employees were targets in a phishing attack. Of those employees, three responded to the phishing emails, which may have exposed patient information, according to the HIPAA Journal.
Michigan Medicine discovered suspicious activity in the three email accounts July 8. Employees were immediately instructed to reset passwords to prevent further unauthorized access.
There has been no evidence that patient information has been misused. Information in the compromised email accounts included patient names, addresses, dates of birth, medical record numbers, diagnostic information, treatment information, health insurance information and a limited number of Social Security numbers.
Since the incident, Michigan Medicine has adopted additional technical safeguards to improve email security. Employees will also go through additional training to improve security awareness, reports the HIPAA Journal.