Beaumont Health said patient data was potentially exposed after an unauthorized third party accessed the employee email system earlier this year. The data could include sensitive personal information and medical diagnoses.
(TNS) — About 6,000 Beaumont Health patients had information possibly exposed during a data breach of employee email accounts.
Email accounts were accessed by an unauthorized third party between Jan. 3 and Jan. 29, according to a news release from the health system.
On June 5, during an investigation, the system found one or more of the accessed accounts contained personal or protected health information, according to the system. This included patient names, dates of birth, diagnosis, diagnosis codes, procedures, treatment locations, treatment types, prescription information, Beaumont patient account numbers and Beaumont medical record numbers.
The investigation did not definitively determine if any information was viewed or acquired by the third party, according to the health system. Beaumont was not aware of misuse of the data and its electronic medical record system was not impacted.
“However, out of an abundance of caution, we are issuing notices to anyone whose information may have been contained in the accessed accounts,” according to the health system.
Fewer than 0.3% of 2.3 million Beaumont patients were impacted, according to the health system.
Impacted individuals were notified Tuesday and are asked to monitor their insurance statements for transactions for care they didn’t receive.
The breach isn’t the first reported by the health system.
In January, the system reported firing an employee accused of transferring sensitive files to an individual working for a personal injury attorney between February 2017 and October 2019.
In April, the system reported 112,000 people who were treated at Beaumont Health had data potentially compromised in a phishing email scam from May 23 to June 3, 2019.
Since then, Beaumont has improved its multi-factor authentication software, conducted risk analysis, and provided additional employee training on the identification and handling of malicious emails, according to the news release.
Immediately after the latest breach was detected, the involved email accounts were disabled and password resets were required, according to the system.
A toll-free response line has been set up Monday through Friday from 9 a.m. to 6:30 p.m. at 844-925-2476 for individuals to determine if they have been impacted or provide more information on the incident.
©2020 the Detroit Free Press, Distributed by Tribune Content Agency, LLC.
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.