About 6,000 Beaumont Health patients had information possibly exposed during a data breach of employee email accounts.
A small number of employees fell victim to a phishing scam and six email accounts were impacted, Beaumont privacy officer Kelly Partin said in an email to the Detroit Free Press.
An unauthorized third party accessed the accounts between Jan. 3 and Jan. 29, according to a news release from the health system.
The system was first alerted to the incident through routine monitoring in January, Partin said. An investigation was conducted and, when it concluded on June 5, the system found one or more of the accessed accounts contained personal or protected health information.
This included patient names, dates of birth, diagnosis, diagnosis codes, procedures, treatment locations, treatment types, prescription information, Beaumont patient account numbers and Beaumont medical record numbers, according to the health system.
Beaumont does not have evidence that any information in the email accounts were viewed or acquired by the third party, Partin said.
Beaumont was not aware of misuse of the data and its electronic medical record system was not impacted.
“However, out of an abundance of caution, we are issuing notices to anyone whose information may have been contained in the accessed accounts,” according to the health system.
More: Beaumont security breach puts personal information of 112,000 people at risk
More: Unrest spreading among Beaumont doctors on eve of possible merger
More: Beaumont researchers develop rapid saliva, urine and blood test for coronavirus
Fewer than 0.3% of 2.3 million Beaumont patients were impacted, according to the health system.
Impacted individuals were notified Tuesday and are asked to monitor their insurance statements for transactions for care they didn’t receive.
The breach isn’t the first reported by the health system.
In January, the system reported firing an employee accused of transferring sensitive files to an individual working for a personal injury attorney between February 2017 and October 2019.
In April, the system reported 112,000 people who were treated at Beaumont Health had data potentially compromised in a phishing email scam from May 23 to June 3, 2019.
Since then, Beaumont has improved its multi-factor authentication software, conducted risk analysis, and provided additional employee training on the identification and handling of malicious emails, according to the news release.
Immediately after the latest breach was detected, the involved email accounts were disabled and password resets were required, according to the system.
A toll-free response line has been set up Monday through Friday from 9 a.m. to 6:30 p.m. at 844-925-2476 for individuals to determine if they have been impacted or provide more information on the incident.
Contact Darcie Moran at email@example.com. Follow her on Twitter @darciegmoran.