Ann Arbor-based Michigan Medicine notified 269 patients Feb. 22 that a newly hired employee accessed patient records without legitimate need.
The individual accessed patient medical records from Dec. 1, 2021, to Jan. 25, 2022. He was caught Jan. 27 and was fired shortly after, according to Michigan Medicine's data breach notification.
The individual viewed demographic and clinical information such as diagnosis, treatment and test results from records of patients he was familiar with from this local network. Patients' credit card, debit card, bank account and Social Security numbers were not involved in the illegitimate access.
During Michigan Medicine's investigation into the incident, the hospital found the individual acted out of curiosity, as it had no indication that patient medical information was further used or disclosed for other reasons.