25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Michigan Medicine Suffers Another Email Data Breach

Posted By on Jul 23, 2024

University of Michigan Medicine (Michigan Medicine) has recently notified 56,953 individuals about the exposure of some of their protected health information. According to a recent news release, patient data was stored in three employee email accounts which were accessed by an unauthorized third party between May 23, and May 29, 2024.

When suspicious email activity was detected, the affected accounts were immediately secured to prevent further unauthorized access by blocking the attacker’s IP address and changing account passwords. An investigation was launched to determine the nature and scope of the breach which confirmed that the incident was limited to three employee email accounts.

Michigan Medicine conducted a review of the affected email accounts between June 10, 2024, and June 27, 2024, and confirmed that sensitive data was present in the accounts. The email accounts were used for communications related to payment and billing coordination. Michigan Medicine did not find any evidence to suggest the aim of the attack was to obtain patient information; however, data theft could not be ruled out.

The types of information exposed varied from individual to individual and included patient and insurance guarantor information including names, addresses, dates of birth, medical record numbers, diagnostic and treatment information, and health insurance information. Notification letters started to be mailed to the affected individuals on July 19, 2024. Credit monitoring services do not appear to have been offered; however, Michigan Medicine has advised all affected individuals to be vigilant against identity theft and fraud and recommends monitoring medical insurance statements for fraudulent activity.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Michigan Medicine was affected by the recent outage due to the faulty CrowdStrike update but confirmed that the data breach was unrelated to that incident. This is the second email breach at Michigan Medicine in the past 2 years. On October 25, 2022, Michigan Medicine notified the HHS’ Office for Civil Rights about a breach involving the protected health information of 33,857 individuals. Four email accounts were compromised between August 15 and August 23, 2022, as a result of a phishing attack.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Prevent HIPAA Email Violations

Avoid the common misunderstandings and implementation errors relating to HIPAA email.

Learn more