Beaumont Health (“Beaumont”) is committed to maintaining the privacy and security of information. On April 17, 2020, Beaumont notified individuals of a data security incident because of certain employee email accounts being accessed by an unauthorized third-party. This data incident impacted about 112,000 people, which is a little less than 5% of the 2.3 million patients Beaumont serves.
Upon learning of this issue, Beaumont immediately commenced a prompt and thorough investigation, working closely with external cybersecurity professionals. After an extensive forensic investigation and comprehensive manual document review, we discovered on March 29, 2020 that one or more of the email accounts accessed between May 23, 2019 to June 3, 2019 contained identifiable personal and/or protected health information. Our investigation was unable to determine definitively if any information was actually acquired by the unauthorized third party, and Beaumont has no knowledge of any inappropriate or misuse of any data. Beaumont’s electronic medical record system was not impacted by this incident and remains secure. However, out of an abundance of caution, we are issuing notices to anyone whose information may have been contained in the accessed accounts.
The accessed email accounts contained the personal and protected health information of certain patients, including name, date of birth, diagnosis, diagnosis code, procedure, treatment location, treatment type, prescription information, Beaumont patient account number, and Beaumont medical record number. A limited number of individuals’ Social Security numbers, financial account information, health insurance information, and driver's license or state identification numbers were also contained in the impacted email accounts. This incident does not affect all patients of Beaumont and not all of these identifiers were included for each notified individual.
Beaumont has taken steps to improve internal procedures to identify and remediate future threats in order to minimize the risk of a similar incident in the future, including implementing additional technical safeguards and providing additional training and education to Beaumont employees on identification and handling of malicious emails. Notified patients should monitor insurance statements for any transactions related to care or services that have not actually been received.
For further questions or additional information regarding this incident, or to determine if you may be impacted by this incident, a dedicated toll-free response line has been set up at 888-921-0518. The response line is available Monday through Friday, 9:00 a.m. to 6:30 p.m. Eastern Time.