University of Michigan Health (Michigan Medicine) has just reported the probable exposure of the protected health information (PHI) of roughly 33,850 individuals because of a phishing attack. Michigan Medicine noticed suspicious activity inside its email platform and took steps right away to protect the environment to stop continuing unauthorized access.
Michigan Medicine stated the phishing campaign occurred from August 15 to August 23, 2022, causing the compromise of four email accounts. As per the breach notice of Michigan Medicine, employee email accounts were made secure by means of multi-factor authentication during the attack. Four employees answered the phishing email messages, went to a malicious web page, shared their Michigan Medicine login details, and replied to the multi-factor authentication prompts, hence, their accounts were accessed.
The investigation by forensic specialists did not find any proof of data theft and it seemed there was no breach of accounts so as to get patient information; nonetheless, Michigan Medicine has deemed that all data in the accounts were breached. The analysis of the email accounts was finalized on October 17, 2022. Michigan Medicine already mailed the notification letters.
The compromised accounts held work-associated communications for patient care and coordination. The data in the emails varied from patient to patient and could have included names, in addition to at least one of these types of information: birth date, address, diagnostic and treatment details, and health insurance data. Michigan Medicine mentioned it has enforced extra technical safety measures to its email system and the infrastructure to avert even more similar occurrences.
This is Michigan Medicine’s number two email account breach report filed this 2022. At the end of February, Michigan Medicine publicized that just one email account that contains the PHI of 2,920 patients was breached. Michigan Medicine was at the same time attacked in a phishing campaign last 2019, resulting in the receipt of phishing email messages by 3,200 workers. In that attack, three employees answered, causing the compromise of the sensitive data of 5,466 individuals.
Mailing Vendor Hacking Incident Affects Members of Delta Dental of Washington
Delta Dental of Washington has reported the potential compromise of the PHI of 6,361 dental benefits plan members due to a cyberattack on Kaye-Smith, its mail and printing supplier. The attack happened in June 2022 and led to the breach of data including names, group numbers, addresses, and Delta Dental Member ID numbers. Delta Dental of Washington was one of many companies impacted by the security breach.
On behalf of Delta Dental of Washington. Kaye-Smith is notifying the impacted persons and has provided free credit monitoring services for one year.