More than 2,000 people were able to register for unauthorized COVID-19 vaccine appointments through a vulnerability in Beaumont Health's Epic EHR scheduling system before it was shut down.
The Southfield, Mich.-based health system said it identified unusual activity related to its online COVID-19 vaccine scheduling tool Jan. 30. An individual had identified and publicly shared a backdoor pathway allowing people to "cut in line" and schedule a vaccine appointment.
The health system said it worked with Epic to eliminate the vulnerability and canceled the 2,700 unauthorized appointments.
"These appointments violate the ethical distribution framework Beaumont created based on the state of Michigan's mandatory vaccine guidelines," said Hans Keil, senior vice president and CIO of Beaumont, in a news release. "We regret 2,700 people in our community became victims of this unfortunate incident. We remain committed to vaccinating as many people as possible who meet the state's guidelines."
The incident did not compromise patient information or hospital records.