25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Beaumont Health Notifies 112,000 Patients About May 2019 Data Breach

Posted By on Apr 20, 2020

Michigan’s largest healthcare system, Beaumont Health, has announced that unauthorized individuals have gained access to the email accounts of some of its employees and potentially viewed or obtained patient information stored in emails and email attachments.

On March 29, 2020, Beaumont Health learned that the email account breach, which occurred almost 10 months ago, resulted in the exposure and potential theft of patient information. The investigation of the breach revealed the email accounts were accessed by unauthorized individuals between May 23, 2019 and June 3, 2019. A forensic investigation was performed to determine the extent and scope of the breach, along with a manual review of all emails in the compromised accounts. That review has taken some time to complete, hence the delay in issuing breach notification letters.

The breached email accounts were discovered to contain the protected health information of around 5% of its 2.3 million patients, which is around 112,000 individuals. The types of information exposed and potentially stolen varied from patient to patient and may have included names in combination with one or more of the following data elements: Dates of birth, diagnoses, diagnosis codes, treatment locations, treatment types, procedures, prescription information, internal patient account numbers and medical record numbers. A “limited” number of Social Security numbers and other data was also potentially compromised. While email account access was confirmed, it was not possible to tell if the attackers accessed or stole patient information.

The breach has prompted Beaumont Health to provide further training to the workforce to help employees recognize phishing and other malicious emails. Internal procedures have also been revised and additional technical safeguards have been implemented to prevent further breaches in the future.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

This is the second data breach to be announced by Beaumont Health this year. In January, the health system notified 1,182 patients that a former employee had been accessing the records of patients who had received treatment after an automobile accident. The former employee is understood to have disclosed the data to a personal injury lawyer.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist