Henry Ford Health System, a six-hospital delivery system serving metropolitan Detroit, has begun notifying 18,470 patients following a hacking attack.
The organization on October 3 learned that one or more unknown attackers gained access to or stole the email credentials of a group of employees; the emails also contained protected health information.
Using the email credentials, the perpetrators would have had access to the email accounts of the employees, the health system said in a notice to media outlets.
Compromised information may have included patient names, dates of birth, medical record numbers, provider names, dates of service, department names, locations, medical conditions and health insurers. However, Social Security numbers and credit card information were not compromised.
“To reduce future risk of this happening again, we are strengthening our security protections for employees, all of whom will be educated about this measure in the coming weeks,” a public statement by Henry Ford indicated.
“In addition, we are expediting our initiatives around email retention and multi-factor authentication, which will decrease future risks to our patients and employees. To provide protection to our patients, new medical record numbers will be issued upon request,” the announcement indicated.
The impacted patients are not receiving identity monitoring services as their exposure was not of a financial nature, according to a spokesperson at Henry Ford Health System.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access