Patient Information from Mid-Michigan Physicians Practice Exposed in Data Breach

Media Division | August 25, 2017

There is so much sensitive data and digital assets that cyber criminals are yearning to get their hands on. We store a plethora of vital information through digital means, such as personal, financial, and governmental data. All of this can be extremely valuable to those with malicious intent, whether they are going to use it for crimes themselves or sell it on the black market. One industry that is frequently targeted for the vital data that they hold is healthcare organizations, as things like patient medical records and personal data can be used for fraud or sold for a pretty penny. In fact, healthcare is within the top 5 industries targeted by cyber attacks. A recent example of this is a data breach at Mid-Michigan Physicians Practice that resulted in unauthorized access to patient data.

The Discovery of the Breach

The initial news of the breach had reached McLaren Medical Group in March of this year, which manages Mid-Michigan Physicians Practice, as they had been notified that a Radiology Center computer had been accessed by an unauthorized user. They had then embarked upon a full investigation of the incident and confirmed that the records of seven patients had been accessed. These records that had been accessed could have contained data such as the patient’s name, medical record number, phone number, address, diagnosis, and even their Social Security number. According to McLaren spokesperson Dave Jones in a statement to the Lansing State Journal, even though the investigation had not confirmed access to any other records aside from the seven, McLaren will be sending notice to all of the 106,000 patients whose information was stored in the database. This is because it is required by the U.S. Centers for Medicare & Medicaid Services. They attribute the five-month notice delay to the time it took to complete an extensive investigation.

McLaren seems to be taking full responsibility for the breach. They have not only rebuilt the computer system which had been accessed, but they also implemented further security measures to better protect patient data in the future. In addition, they are also providing identity theft protection and credit monitoring services to those affected. These are all very smart moves on the part of McLaren, as improper handling of a breach can result in much further damage to the organization. The delay in notification was somewhat of a shortcoming on their part, but some organizations may not even notify those affected in a breach at all.

The Critical Necessity of Comprehensive Data Breach Solutions

When an organization suffers a breach like the above, there are several steps that they must rapidly take to handle it, and these steps come under the heading of data breach solutions. This includes things like patching the immediate hole or vulnerability, fortifying security, expelling any threat, notifying those affected, and ensuring that those affected are taken care of. Being lackadaisical, careless, or neglectful in any of the above can make the incident much worse and sometimes even result in the organization failing. One large factor that many organizations may not immediately consider is the massive reputation and customer trust damage that can come with a breach, and this damage can be increased or perpetuated when the incident is improperly addressed. Many organizations may not have the necessary resources to rapidly complete the above steps, which is when they should seek outside assistance. Massive Alliance’s data breach solutions are extremely comprehensive and can help organizations of all sizes to remediate a breach. Remember, it is possible to come back from a breach in most cases, but only if it is handled adeptly.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.