University of Michigan/Michigan Medicine
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
University of Michigan Data Breach
In late August 2023, the University of Michigan experienced a significant cybersecurity incident. Here are the key details about the breach:
What Happened
On August 23, 2023, the University of Michigan detected suspicious activity on its campus computer network. In response, the university took immediate action to contain the incident by proactively disconnecting the campus network from the internet[1]. The unauthorized access continued until August 27, 2023[1][2][3].
Scope of the Breach
The investigation revealed that an unauthorized third party accessed personal information relating to certain students and applicants, alumni and donors, employees and contractors, University Health Service and School of Dentistry patients, and research study participants[2][3]. The compromised information included social security numbers, driver’s licenses or other government-issued identification numbers, financial account or payment card numbers, and health information[2][3].
Number of Individuals Affected
Approximately 230,000 individuals were affected by the breach[3]. This number represents those whose sensitive personal data was involved and who were notified by the university through postal mail and notices on the university’s website[3].
University’s Response
The University of Michigan has been working with third-party cybersecurity experts to investigate the breach and to harden their systems against future attacks[2][3]. They have also notified law enforcement[3].
Measures for Affected Individuals
The university has offered free credit monitoring services to those affected by the breach[2][3]. A call center has been established to address concerns related to the incident, and individuals who believe their information was involved but did not receive a letter can call the toll-free number at 888-998-7088[2][3].
Additional Information
The university has recommended that affected individuals monitor their accounts and credit reports and report any suspicious activity or suspicion of identity theft or fraud to their financial institution immediately[3]. They can also contact the Federal Trade Commission or police to report identity theft and add a fraud alert to their credit report file[3].
Ongoing Efforts
The University of Michigan continues to work on restoring and securing its systems. They have communicated with the university community about the breach and the steps being taken to address it[1][2][3].
Legal and Regulatory Compliance
The university has complied with legal obligations to notify affected individuals and has been transparent about the steps being taken to address the breach and prevent future incidents[1][2][3].
For those affected by the breach, it is important to remain vigilant and take advantage of the resources offered by the university to protect personal information.
Citations:
- https://publicaffairs.vpcomm.umich.edu/key-issues/august-2023-data-incident/
- https://www.cbsnews.com/detroit/news/university-of-michigan-hackers-gained-personal-information-cyberattack/
- https://www.detroitnews.com/story/news/local/michigan/2023/10/23/um-3rd-party-accessed-school-systems-personal-information-for-5-days/71292044007/
- https://www.michiganmedicine.org/news-release/michigan-medicine-notifies-patients-health-information-breach
- https://www.clickondetroit.com/all-about-ann-arbor/2022/10/27/michigan-medicine-health-information-of-more-than-30k-patients-could-be-exposed-after-breach/
- https://www.michigan.gov/ag/news/press-releases/2023/12/26/second-corewell-health-data-breach-exposes-info-of-one-million-michigan-patients
- https://www.mlive.com/news/ann-arbor/2022/10/data-breach-possibly-exposes-health-info-for-34k-michigan-medicine-patients.html
- https://www.clickondetroit.com/all-about-ann-arbor/2023/08/29/university-of-michigan-shuts-down-internet-due-to-security-concern/
- https://www.michigandaily.com/news/michigan-medicine-data-breach/
- https://www.freep.com/story/news/health/2022/10/27/u-m-cyber-attack-phishing-scheme-michigan-medicine/69597373007/
- https://www.michigan.gov/ag/news/press-releases/2023/10/24/ag-nessel-reissues-data-breach-alert-following-university-of-michigan-network-infiltration
- https://www.mlive.com/news/ann-arbor/2022/03/michigan-medicine-data-breach-may-affect-health-information-of-nearly-3000-patients.html
- https://www.bridgemi.com/talent-education/financial-info-students-alumni-compromised-august-data-breach-u-m-says