BreachExchange mailing list archives
Nearly 20, 000 patients compromised by Henry Ford Health System data breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 7 Dec 2017 00:06:46 -0600
https://www.freep.com/story/news/local/michigan/detroit/2017/12/06/henry-ford-hospital-data-breach/926163001/ Henry Ford Health System announced this week a data breach of health information that involves nearly 20,000 patients. It is "unclear" if any of the compromised information has been used "inappropriately." "We are very sorry this happened. We take very seriously any misuse of patient information, and we are continuing our own internal investigation to determine how this happened and to ensure no other patients are impacted," the hospital wrote in a news release this week, noting that they learned of the incident on October 3 after the e-mail credentials of a group of employees were also compromised. "... Someone gained access to or stole the e-mail credentials of a group of employees," a release on the breach stated, explaining that patient health information was inside of these employee e-mail accounts. It is still unclear if any of the information that was "viewed or stolen" has been used for any inappropriate use, the hospital stated adding that Social Security numbers and credit card info was not included in the data breach. What was compromised was information such as patient names, birthdates, medical record numbers, provider names, dates of service, department names, locations, medical conditions and health insurers. A total of 18,470 patient's information was compromised. "To reduce future risk of this happening again, we are strengthening our security protections for employees, all of whom will be educated about this measure in the coming weeks," the hospital stated, adding that they are moving forward with initiatives dealing with e-mail retention and multi-factor authentication. This is not the first time a Detroit-area hospital has undergone a data breach. In July Detroit Medical Center announced the compromisation of health information that involved about 1,500 patients seen at one of its facilities in 2015 and 2016. In that case a staffing agency contracted by DMC had told the hospital that one of its employees had provided the information to unauthorized people who weren’t affiliated with the DMC organization. In the case of Henry Ford Health System, the hospital will issue new medical record numbers upon request. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Nearly 20, 000 patients compromised by Henry Ford Health System data breach Destry Winant (Dec 07)