The northern-Michigan based Munson Healthcare group reported several employee email accounts were hacked and being accessed for two and a half months last year exposing PHI.
The breach was discovered on January 16, 2020 and the investigation into the incident revealed the email accounts in question were being accessed by an outside source between July 31, 2019 and October 22, 2019. The accounts contained PHI that included names, dates of birth, insurance information along with treatment and diagnostic information. In some cases patient financial account numbers, driver’s license numbers and Social Security numbers were involved, Munson reported.
The number of patients affected and the exact method used to gain access to the email accounts was not revealed.
“This incident does not affect all patients of Munson Healthcare and not all information was included for all individuals. Munson Healthcare is now notifying affected individuals so that they can take steps to protect their information,” the healthcare system said.