Ascension Michigan (single affiliated covered entity) ACE
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Ascension Michigan Data Breach
Ascension Michigan experienced a data breach where an unauthorized individual accessed patient information in its electronic health record system between October 15, 2015, and September 8, 2021. The breach was discovered following suspicious activity in the electronic health record, leading to an investigation that concluded on November 30, 2021. The unauthorized access was immediately terminated once discovered[1].
Information Exposed
The data breach may have exposed a range of patient information, including:
-
Full names
-
Dates of birth
- Addresses
- Email addresses
- Phone numbers
- Health insurance information
- Health insurance identification numbers and carriers
- Dates of service
- Diagnosis and treatment-related information
- Social Security numbers (in some cases)
Not all individuals had all types of information affected. Some patients were notified that their information was further disclosed to third parties[1].
Response and Measures Taken
Ascension Michigan has taken steps to enhance the protection of patient information, including reviewing internal controls and improving processes intended to safeguard patient data. The health system is offering free credit and identity theft protection-monitoring services to affected patients. It has also reported the breach to law enforcement and is cooperating with any investigation. A call center has been set up to address questions from those affected[1].
Number of Patients Affected
The breach affected the personal and medical information of more than 27,000 patients[5]. Ascension Michigan is part of Ascension Health, which operates numerous healthcare facilities across the state[4].
Legal and Compliance Aspects
Ascension Michigan is required by law to protect the privacy and security of medical information and to notify individuals if a breach of unsecured protected health information occurs[2]. The U.S. Department of Health and Human Services Office for Civil Rights is investigating the data breach[6].
Recommendations for Affected Individuals
Affected individuals are advised to remain vigilant and respond cautiously to any communication seeking medical information. They are also encouraged to take advantage of the offered credit and identity theft protection services[1].
Contact Information
For further information or to file a complaint about privacy practices, individuals can contact the Ascension Michigan HIPAA Privacy Officer by telephone at (586) 753-1171, by sending a letter to 28000 Dequindre Road, Warren, Michigan 48092, or by email at compliance.michigan@ascension.org[2].
Citations:
- https://www.freep.com/story/news/local/michigan/2022/03/04/ascension-michigan-data-breach-patients-personal-info/9381284002/
- https://healthcare.ascension.org/-/media/project/ascension/healthcare/markets/michigan/documents/ascension-mi-notice-of-privacy-practices.pdf
- https://www.scmagazine.com/analysis/ransomware-attack-on-ascension-st-vincents-legacy-emr-spurs-breach-notice
- https://www.jdsupra.com/legalnews/data-breach-alert-ascension-michigan-7166329/
- https://www.crainsdetroit.com/health-care/ascension-michigan-data-breach-exposes-personal-medical-information-more-27000-patients
- https://levinlaw.com/2022/03/18/ascension-michigan-data-breach-lawsuits
- https://www.hipaajournal.com/february-2022-healthcare-data-breach-report/
- https://wacotrib.com/news/local/crime-courts/ascension-providence-warns-cyberattack-on-contractor-may-have-compromised-patient-info/article_ed316c88-99e9-11ee-9d13-2360d7b7a642.html
- https://healthcare.ascension.org/-/media/healthcare/npp/michigan/mi_ascension-michigan_english.pdf
- https://www.justice.gov/opa/pr/ascension-michigan-pay-28-million-resolve-false-claims-act-allegations
- https://www.dallaswhistleblowerlawyer.com/blog/ascension-michigan-pays-28-million-to-resolve-whistleblower-claim/
- https://healthcare.ascension.org/specialty-care/neurology/stroke-treatment/why-ascension/miasc-mi-stroke-care
- https://www.beckershospitalreview.com/cybersecurity/ascension-michigan-data-breach-exposed-27k-patient-records.html