Michigan hospital suffers security incident impacting more than 25,000 individuals

October 20, 2020
Medicare Web

Oaklawn Hospital, a healthcare provider in Marshall, Michigan, recently reported a security incident that potentially impacted 26,861 individuals, according to the Office for Civil Rights (OCR) breach report.

In a security notice posted on its website, Oaklawn disclosed details regarding a security incident that involved access to certain employee email accounts by unauthorized third parties as the result of a phishing attack that occurred between April 14 and April 15. Upon learning of the issue, Oaklawn disabled access to the compromised accounts and required mandatory password resets to prevent continued access by unauthorized users.

After an extensive forensic investigation, Oaklawn determined that the compromised email accounts may have contained identifiable personal information or protected health information  of Oaklawn patients.

The information accessed may have included the following:

  • Dates of birth
  • Driver’s license numbers
  • Medical and health insurance information
  • Names
  • Online login information
  • Social security numbers

According to the security notice, Oaklawn currently has no evidence to suggest that any of the information has been misused or is in the possession of someone it should not be.

Oaklawn sent notification letters to each affected individual and encouraged those impacted to monitor their insurance statements. In addition, Oaklawn set up complimentary credit monitoring for individuals whose social security numbers may have been accessible during the breach.

Oaklawn also indicated that it has upgraded its security measures since the incident, improving its multi-factor authentication software and providing additional training for employees.

Related Topics: 
HIPAA