cyber Breach

Michigan Medicine

May 11, 2023 1 min read
Michigan Medicine

Michigan Medicine notified approximately 5,500 patients about a phishing email campaign that have exposed some of their health information.

During the campaign, emails containing a malicious link were sent to over 3,200 Michigan Medicine employees.

This email was opened by three employees, giving the attacker access to their email accounts.

The compromised information includes names, medical record numbers, addresses, dates of birth, diagnostic and treatment information, and health insurance information.

As soon as Michigan Medicine learned that the email accounts were compromised, they were disabled so no further access could take place until the passwords were changed.

Source: https://www.michiganmedicine.org/news-release/michigan-medicine-notifies-patients-health-information-breach-0

TPRM report: https://scoringcyber.rankiteo.com/company/michigan-medicine

"id": "mic4393423",
"linkid": "michigan-medicine",
"type": "Data Leak",
"date": "08/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 5500,
                        'industry': 'Healthcare',
                        'name': 'Michigan Medicine',
                        'type': 'Healthcare'}],
 'attack_vector': 'Email',
 'data_breach': {'number_of_records_exposed': 5500,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Medical record numbers',
                                              'Addresses',
                                              'Dates of birth',
                                              'Diagnostic and treatment '
                                              'information',
                                              'Health insurance information']},
 'description': 'Michigan Medicine notified approximately 5,500 patients about '
                'a phishing email campaign that exposed some of their health '
                'information. Emails containing a malicious link were sent to '
                'over 3,200 Michigan Medicine employees, and three employees '
                'opened the email, giving the attacker access to their email '
                'accounts.',
 'impact': {'data_compromised': ['Names',
                                 'Medical record numbers',
                                 'Addresses',
                                 'Dates of birth',
                                 'Diagnostic and treatment information',
                                 'Health insurance information']},
 'initial_access_broker': {'entry_point': 'Email'},
 'response': {'containment_measures': ['Disabled compromised email accounts',
                                       'Changed passwords']},
 'title': 'Phishing Email Campaign at Michigan Medicine',
 'type': 'Phishing',
 'vulnerability_exploited': 'Human'}
Published by
Roshni Ray
Roshni Ray
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.