University of Michigan/Michigan Medicine

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

University of Michigan Data Breach

In late August 2023, the University of Michigan experienced a significant cybersecurity incident. Here are the key details about the breach:

What Happened

On August 23, 2023, the University of Michigan detected suspicious activity on its campus computer network. In response, the university took immediate action to contain the incident by proactively disconnecting the campus network from the internet[1]. The unauthorized access continued until August 27, 2023[1][2][3].

Scope of the Breach

The investigation revealed that an unauthorized third party accessed personal information relating to certain students and applicants, alumni and donors, employees and contractors, University Health Service and School of Dentistry patients, and research study participants[2][3]. The compromised information included social security numbers, driver’s licenses or other government-issued identification numbers, financial account or payment card numbers, and health information[2][3].

Number of Individuals Affected

Approximately 230,000 individuals were affected by the breach[3]. This number represents those whose sensitive personal data was involved and who were notified by the university through postal mail and notices on the university’s website[3].

University’s Response

The University of Michigan has been working with third-party cybersecurity experts to investigate the breach and to harden their systems against future attacks[2][3]. They have also notified law enforcement[3].

Measures for Affected Individuals

The university has offered free credit monitoring services to those affected by the breach[2][3]. A call center has been established to address concerns related to the incident, and individuals who believe their information was involved but did not receive a letter can call the toll-free number at 888-998-7088[2][3].

Additional Information

The university has recommended that affected individuals monitor their accounts and credit reports and report any suspicious activity or suspicion of identity theft or fraud to their financial institution immediately[3]. They can also contact the Federal Trade Commission or police to report identity theft and add a fraud alert to their credit report file[3].

Ongoing Efforts

The University of Michigan continues to work on restoring and securing its systems. They have communicated with the university community about the breach and the steps being taken to address it[1][2][3].

Legal and Regulatory Compliance

The university has complied with legal obligations to notify affected individuals and has been transparent about the steps being taken to address the breach and prevent future incidents[1][2][3].

For those affected by the breach, it is important to remain vigilant and take advantage of the resources offered by the university to protect personal information.

Citations:

  1. https://publicaffairs.vpcomm.umich.edu/key-issues/august-2023-data-incident/
  2. https://www.cbsnews.com/detroit/news/university-of-michigan-hackers-gained-personal-information-cyberattack/
  3. https://www.detroitnews.com/story/news/local/michigan/2023/10/23/um-3rd-party-accessed-school-systems-personal-information-for-5-days/71292044007/
  4. https://www.michiganmedicine.org/news-release/michigan-medicine-notifies-patients-health-information-breach
  5. https://www.clickondetroit.com/all-about-ann-arbor/2022/10/27/michigan-medicine-health-information-of-more-than-30k-patients-could-be-exposed-after-breach/
  6. https://www.michigan.gov/ag/news/press-releases/2023/12/26/second-corewell-health-data-breach-exposes-info-of-one-million-michigan-patients
  7. https://www.mlive.com/news/ann-arbor/2022/10/data-breach-possibly-exposes-health-info-for-34k-michigan-medicine-patients.html
  8. https://www.clickondetroit.com/all-about-ann-arbor/2023/08/29/university-of-michigan-shuts-down-internet-due-to-security-concern/
  9. https://www.michigandaily.com/news/michigan-medicine-data-breach/
  10. https://www.freep.com/story/news/health/2022/10/27/u-m-cyber-attack-phishing-scheme-michigan-medicine/69597373007/
  11. https://www.michigan.gov/ag/news/press-releases/2023/10/24/ag-nessel-reissues-data-breach-alert-following-university-of-michigan-network-infiltration
  12. https://www.mlive.com/news/ann-arbor/2022/03/michigan-medicine-data-breach-may-affect-health-information-of-nearly-3000-patients.html
  13. https://www.bridgemi.com/talent-education/financial-info-students-alumni-compromised-august-data-breach-u-m-says
Breach Submission Date Mar 03, 2022
Converted Entity Name University of Michigan/Michigan Medicine
Converted Entity Type Healthcare Provider
State MI
Individuals Affected 2,921
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes