Detroit hospital network says data breach affected more than 100,000 patient accounts

A Detroit-area health care organization is alerting patients that their information may have been compromised in a recent data breach.

Beaumont Health, a network of eight hospitals through the Detroit area, said in a letter Friday that “an unauthorized third party” accessed names, birth dates, Social Security numbers and medical conditions about some 112,000 people. Hackers also accessed bank account data and driver’s license numbers about some of those affected, the Detroit Free Press first reported.

Administrators noticed on March 29 that email accounts belonging to Beaumont employees apparently had been compromised following a phishing attack. Outsiders had spent May 23, 2019 through June 3, 2019 accessing personal data, though Beaumont now says it has no knowledge to suggest that the stolen data was misused. The incident involves information about less than 5% of the 2.3 million people that the medical organization has treated in the nearly 12 months since the attack occurred, according to Beaumont.

The attack against the hospital network occurred months before U.S. facilities started responding to the COVID-19 pandemic.

Word of the breach coincides with ongoing concern in the security community about the particular vulnerability of the global medical sector. As health care workers rush to treat patients affected by the novel coronavirus, opportunistic hackers have sought to capitalize on the urgency by targeting hospitals, sometimes demanding extortion fees to back down.

In one case, attackers struck a biotechnology firm that has been working on tools meant to help researchers find possible treatments for the virus. The concern is so high that a growing group of security researchers are volunteering time and resources to help medical organizations fend off potential attacks, as CyberScoop first reported.