Posted On March 7, 2022 Consumer Privacy & Data Breaches
March 7, 2022 – Recently, University of Michigan Health (“Michigan Medicine”) announced that, as the result of an employee’s email account being compromised, the protected health information of as many as 2,900 patients may have been accessed by an unauthorized party. Those impacted by a data breach should be sure they understand what happened, what their rights are, and how they can pursue them. The data breach lawyers at Console & Associates, P.C. are actively investigating this security breach. As a part of the investigative process, our attorneys will be interviewing any victims of the breach to determine what harm was caused and whether they are eligible to bring a data breach class action lawsuit against Michigan Medicine.
According to a notice posted on the Michigan Medicine website, on January 6, 2022, an employee noticed suspicious activity on their email account. The employee reported the activity and, it was later determined that on December 23, 2021, the employee’s email account had been compromised. The Michigan Medicine IT department then immediately disabled the email account; however, beginning on January 31, 2022, Michigan Medicine reviewed the employee’s email account to determine what patient information may have been compromised.
On February 15, 2022, Michigan Medicine learned that some of the emails and attachments in the affected account contained certain parties’ names, medical record numbers, addresses, dates of birth, diagnostic and treatment information, and/or health insurance information.
On March 3, 2022, Michigan Medicine posted notice of the data breach on its website. Official data breach letters may be forthcoming.
Michigan Medicine is an academic medical center owned by the University of Michigan. The organization traces its roots back to 1850, when the University of Michigan Medical School first opened its doors in Ann Arbor, Michigan. Michigan Medicine is one of the largest hospitals in Michigan, handling more than 2.4 million outpatient and emergency visits per year. Michigan Medicine employs around 30,000 people, including roughly 3,900 faculty, 6,000 nurses, 1,800 residents and 300 clinical fellows
When you allowed Michigan Medicine access to your personal data, you trusted the organization to keep your sensitive information safe. However, news of the Michigan Medicine data breach raises some very serious questions about the organization’s data security measures and whether more could have been done to prevent this type of cyber-attack.
Regardless of the industry, all businesses (including non-profits and educational institutions) have a legal obligation to protect consumer information in their possession. Although creating and maintaining a data security system is costly, this is a necessary expense given the frequency with which cyberattacks occur.
Consumers whose personal, identifying, financial or healthcare-related data was compromised in a data breach can pursue legal action against an organization that misused or mishandled their information. However, the investigation into the Michigan Medicine breach is only in its beginning phases. For that reason, it is too early to tell if Michigan Medicine was legally responsible for the breach. However, our data breach attorneys are investigating the Michigan Medicine security breach to determine the potential legal remedies of those affected.
If you have questions about your ability to pursue a data breach class action lawsuit against Michigan Medicine, contact a data breach attorney as soon as possible.
If you receive a data breach notification from Michigan Medicine in the coming weeks, it means your personal data was among that which was compromised in the recent cyberattack. It also means a cybercriminal may have had access to—and may have stolen—your personal data. Given the risks involved, it is important you remain vigilant by taking the following steps:
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Michigan Medicine data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.