Skip to main content

Analysis

Michigan Hospital Suffers Security Incident Impacting More Than 25K

By Revenue Cycle Advisor  
   October 20, 2020

After an extensive forensic investigation, Oaklawn determined that the compromised email accounts may have contained identifiable personal information or protected health information of Oaklawn patients.

A version of this article was first published October 20, 2020, by HCPro's Revenue Cycle Advisor, a sibling publication to HealthLeaders.

Oaklawn Hospital, a healthcare provider in Marshall, Michigan, recently reported a security incident that potentially impacted 26,861 individuals, according to the Office for Civil Rights (OCR) breach report.

In a security notice posted on its website, Oaklawn disclosed details regarding a security incident that involved access to certain employee email accounts by unauthorized third parties as the result of a phishing attack that occurred between April 14 and April 15.

Upon learning of the issue, Oaklawn disabled access to the compromised accounts and required mandatory password resets to prevent continued access by unauthorized users.

After an extensive forensic investigation, Oaklawn determined that the compromised email accounts may have contained identifiable personal information or protected health information of Oaklawn patients.

The information accessed may have included the following:

  • Dates of birth
  • Driver’s license numbers
  • Medical and health insurance information
  • Names
  • Online login information
  • Social security numbers

According to the security notice, Oaklawn currently has no evidence to suggest that any of the information has been misused or is in the possession of someone it should not be.

Oaklawn sent notification letters to each affected individual and encouraged those impacted to monitor their insurance statements. In addition, Oaklawn set up complimentary credit monitoring for individuals whose social security numbers may have been accessible during the breach.

Oaklawn also indicated that it has upgraded its security measures since the incident, improving its multi-factor authentication software and providing additional training for employees.

Revenue Cycle Advisor combines all of HCPro's Medicare regulatory and reimbursement resources into one handy and easy-to-access portal. News is not just repeated from other sources. It is analyzed by our Medicare experts so professionals can comprehend any new rule and regulatory updates thoroughly. Learn more.


Get the latest on healthcare leadership in your inbox.