Henry Ford Health is notifying some of their patients that an unauthorized individual conducted an email phishing scheme to gain access to business email accounts. The improper access was quickly discovered, and the email accounts were secured.
Here are important facts to know:
- Some of the patient information was contained in the affected email boxes, but they do not know whether such information was actually accessed or not.
- Phishing email schemes are used to fraudulently obtain victims’ credentials or personal information by sending them fake email messages.
The incident occurred on March 30, 2023, and Henry Ford Health immediately began an extensive investigation to determine what happened.
Through their forensics investigation, they determined on May 16, 2023, that protected health information was contained in the email boxes and could have been accessed by the bad actor.
The information stored on the affected email accounts may have included the following: name, gender, date of birth, age, lab results, procedure type, diagnosis, date of service, telephone number, medical record number and/or internal tracking number.
As a result of this incident, Henry Ford Health is implementing additional security measures and providing additional training to employees about recognizing the signs of suspicious email and what to do if they receive one.
The Double-Edged Sword of AI in Healthcare Cybersecurity
Third-Party Vendors and Networks Pose Risks for Healthcare Cybersecurity
Community Health Network and Lifepoint Behavioral Health Form Joint Venture
PAM Health Reveals Plans to Build 42-bed Rehab Hospital in Florida
When Product Labels and Regulatory Guidelines Clash