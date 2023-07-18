LANSING, Mich. (WILX) - A data breach at Henry Ford Health is believed to have compromised the data of roughly 168,000 patients.

It’s believed that some of their personal information leaked due to a phishing email scam.

“We take very seriously our responsibility to protect our patients’ personal information. Unfortunately, we experienced a breach into three of our business email accounts. We quickly discovered the unauthorized access, secured the accounts and the threat, and then launched a thorough investigation. We’ve notified all potentially impacted patients by mail to their home addresses. We’ve also enhanced our already rigorous security measures and are providing additional training to our team members.”

Henry Ford Hospital confirmed the incident happened on March 30. They will begin notifying people this week if they are one of the 168,000 whose information has been compromised.

Katie Grevious, with the Better Business Bureau, said she can’t comment specifically on the Henry Ford data breach. But in general, people who get that letter should not panic.

“The first thing to do is to stay calm,” Grevious said. “It’s very stressful when something like this happens, our information is potentially out there.”

She said you can do a lot on your own to check for potential fraud. Grevious suggests changing some passwords.

“If your password is the same from a compromised account as it is on others, change those right away,” Grevious said.

A representative for Henry Ford Health said social security numbers were not among the information that may have been contained in the compromised email boxes. Henry Ford Health said in an email to News 10 that that information may have contained information including: name, gender, date of birth, age, lab results, procedure type, diagnosis, date of service, telephone number, medical record number and/or internal tracking number.

Henry Ford Health is notifying some of their patients that an unauthorized individual conducted an email phishing scheme to gain access to business email accounts. The improper access was quickly discovered and the email accounts were secured. Here are important facts to know: The incident occurred on March 30, 2023 and we immediately began an extensive investigation to determine what happened. Through our forensics investigation, we determined on May 16, 2023 that protected health information was contained in the email boxes and could have been accessed by the bad actor. The information stored on the affected email accounts may have included the following: name, gender, date of birth, age, lab results, procedure type, diagnosis, date of service, telephone number, medical record number and/or internal tracking number. As a result of this incident, we are implementing additional security measures and providing additional training to employees about recognizing the signs of suspicious email and what to do if they receive one. If there are questions, please call our Incident Response Line at 833-627-2685 between 9 a.m. and 9 p.m. Eastern Time, Monday - Friday. That number goes to our business partner, Epiq Solutions, a call center based in Portland, Oregon that specializes in providing assistance for data security and cybersecurity incidents and services for other industries.

Grevious said that people need to be skeptical about emails and links sent to them and that oftentimes you get an email from someone you know, but it will be from an email address you don’t recognize.

Henry Ford Health has five locations across Metro Detroit and Henry Ford Allegiance Health in Jackson. The healthcare organization had information hacked in 2017 that impacted about 18,000.

Henry Ford Health said that anyone with questions about the data breach or who would like to report an incident can call their response line at 833-627-2685.

