A cyberattack compromised three employee email accounts at Ann Arbor-based Michigan Medicine, which led to about 56,953 individuals being personally notified.
According to a July 22 news release from the health system, the breached emails were work-related messages dealing with payment and billing coordination for patients. The emails contained some patient-protected health information including names, medical record numbers, addresses, dates of birth, diagnostic and treatment information, and/or health insurance information.
Michigan Medicine said during its investigation into the incident that it did not find any evidence to suggest that the cyberattack's mission was to obtain patient health information, but that it could not rule out data theft.
Michigan Medicine said the email accounts did not contain any credit card, debit card or bank account numbers. Although four patients, according to the release, did have their Social Security numbers compromised.