cyber Breach

Michigan Medicine

May 13, 2022 1 min read
Michigan Medicine

The patient information of Michigan Medicine was leaked in a data security incident after an employee email account was compromised.

A newly-hired employee accessed patients' electronic medical records of about 2,920 patients without any business need.

The compromised information included demographic and clinical information such as diagnosis, treatment, and test results.

The employee's excess was immediately cut off and further investigation revealed that no information was misused and the employee checked the records out of curiosity.

Source: https://www.uofmhealth.org/michigan-medicine-notifies-patients-data-information-breach

TPRM report: https://scoringcyber.rankiteo.com/company/michigan-medicine

"id": "mic173012522",
"linkid": "michigan-medicine",
"type": "Breach",
"date": "03/2022",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 2920,
                        'industry': 'Healthcare',
                        'location': 'Michigan',
                        'name': 'Michigan Medicine',
                        'type': 'Healthcare'}],
 'attack_vector': 'Compromised Email Account',
 'data_breach': {'number_of_records_exposed': 2920,
                 'personally_identifiable_information': ['Demographic '
                                                         'Information'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Demographic Information',
                                              'Clinical Information']},
 'description': 'The patient information of Michigan Medicine was leaked in a '
                'data security incident after an employee email account was '
                "compromised. A newly-hired employee accessed patients' "
                'electronic medical records of about 2,920 patients without '
                'any business need. The compromised information included '
                'demographic and clinical information such as diagnosis, '
                "treatment, and test results. The employee's excess was "
                'immediately cut off and further investigation revealed that '
                'no information was misused and the employee checked the '
                'records out of curiosity.',
 'impact': {'data_compromised': ['Demographic Information',
                                 'Clinical Information']},
 'initial_access_broker': {'entry_point': 'Compromised Email Account'},
 'investigation_status': 'Resolved',
 'motivation': 'Curiosity',
 'post_incident_analysis': {'root_causes': 'Internal Employee Curiosity'},
 'response': {'containment_measures': "Employee's access was immediately cut "
                                      'off'},
 'threat_actor': 'Internal Employee',
 'title': 'Michigan Medicine Data Security Incident',
 'type': 'Data Breach'}
Published by
Harshit Kaur Bhatia
Harshit Kaur Bhatia
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.