The northern-Michigan
based Munson Healthcare group reported several employee email accounts were
hacked and being accessed for two and a half months last year exposing PHI.

The breach was discovered on January 16, 2020 and the investigation into the incident revealed the email accounts in question were being accessed by an outside source between July 31, 2019 and October 22, 2019. The accounts contained PHI that included names, dates of birth, insurance information along with treatment and diagnostic information. In some cases patient financial account numbers, driver’s license numbers and Social Security numbers were involved, Munson reported.

The number
of patients affected and the exact method used to gain access to the email
accounts was not revealed.

“This
incident does not affect all patients of Munson Healthcare and not all
information was included for all individuals. Munson Healthcare is now
notifying affected individuals so that they can take steps to protect their
information,” the healthcare system said.