The protected health information of 18,470 patients at Detroit-based Henry Ford Health System (HFHS) may have compromised by a data breach the system first discovered in October.
HFHS said it first learned of the breach after a group of employees’ email credentials, which had been encrypted, were stolen, and those emails contained patient health information.
Social Security and credit card numbers weren’t compromised, the system said, but patient names, birthdates, medical records and information about providers and insurers was breached—though it’s unclear whether any of it has been used inappropriately.
"We are very sorry this happened,” the system said in a press release. “We take very seriously any misuse of patient information, and we are continuing our own internal investigation to determine how this happened and to ensure no other patients are impacted.”
HFHS said it will bolster its security after the breach, including extra training for employees and expanding initiatives around email retention and multi-factor authentication.
“To provide protection to our patients, new medical record numbers will be issued upon request,” the system said.
HFHS spokesperson David Olejarz told the Detroit News there is no criminal investigation into the breach.