A cyberattack on an employee email account at Ann Arbor-based Michigan Medicine has impacted 57,891 individuals.
The breach occurred after an employee accepted an unsolicited multi-factor authentication prompt, allowing hackers to access their email and its contents, according to a Sept. 26 news release. The cyberattack took place on July 30.
According to Michigan Medicine, several emails and attachments within the compromised account contained identifiable patient information, including names, medical record numbers and details of diagnoses and treatments. However, sensitive financial information — such as Social Security numbers, credit card, debit card and bank account numbers — was not exposed.
While Michigan Medicine found no evidence that patient health information was the target of the attack, it acknowledged that data theft could not be entirely ruled out.
The employee involved in the incident has been subject to disciplinary action, per the health system's policies. Michigan Medicine began notifying affected individuals on Sept. 26.