Henry Ford Health Systems is notifying 18,470 patients whose personal information may have been stolen in a data breach.
Henry Ford says it first learned of the incident on October 3rd, after someone hacked a group of employees' emails.
The stolen information includes: name, date of birth, medical record number, provider's name, date of service, department's name, location, medical condition and health insurer. Social security numbers and credit card information was not revealed.
Patients who received a notification letter are asked to call 844-327-2396.
Here is the full statement from Henry Ford Health Systems:
"Henry Ford Health System is notifying 18,470 patients whose personal health information was viewed or stolen by someone who gained access to it illegally. It is not clear whether this information was used for any inappropriate purposes.
We are very sorry this happened. We take very seriously any misuse of patient information, and we are continuing our own internal investigation to determine how this happened and to ensure no other patients are impacted.
We first learned of the incident on Oct. 3, 2017 after someone gained access to or stole the email credentials of a group of employees. The email credentials are name and password protected by encryption. Using the email credentials, the person(s) would have had access to the email accounts of the employees. Contained in the email accounts were patient health information.
Like other health organizations, our providers share encrypted email messages to ensure patient care is seamless.
The patient information viewed or taken may have included their name, date of birth, medical record number, provider’s name, date of service, department’s name, location, medical condition and health insurer. Neither their Social Security number nor credit card information was revealed.
To reduce future risk of this happening again, we are strengthening our security protections for employees, all of whom will be educated about this measure in the coming weeks. In addition, we are expediting our initiatives around email retention and multi-factor authentication, which will decrease future risks to our patients and employees. To provide protection to our patients, new medical record numbers will be issued upon request.
Patients who received a notification letter are asked to call 844.327.2396"