Security Breach Exposes Some Michigan Patients' Personal Information

January 10, 2019 - 12:02 pm

RICHMOND, Mich. (WWJ) - There's been a security breach involving a rehabilitation center in Macomb County.

Sacred Heart Rehabilitation Center -- a provider of HIV/AIDS care services and substance abuse treatment with a location in Richmond, Michigan -- says a "limited number of patients" had their personal information compromised through a phishing scheme that affected an employee's email account between April 5, 2018 and April 7, 2018.

"Upon learning of the situation, Sacred Heart Rehabilitation Center promptly launched an investigation and engaged external cybersecurity professionals," the center said in a statement. 

Leaked information included patients' full names, addresses, health insurance information, medical treatment information, medical diagnostic information and/or Social Security numbers. 

This incident did not affect all patient, the organization said. 

Letters were sent to affected patients on Wednesday. 

Affected patients with Social Security numbers that were compromised are being offered free credit monitoring and identity theft-restoration services.  Those patients have also been provided with best practices to protect their information, including steps to obtain a free credit report, placing a fraud alert and/or placing a security freeze on their credit files. The patients have also been reminded to remain vigilant in reviewing financial account statements on a regular basis for any fraudulent activity, and it's also recommended they review the statements that they receive from their health insurance providers and follow up on any items not recognized.

Meanwhile, Sacred Heart said it's working to ensure that a similar breach doesn't happen in the future by adding more employee training and security measures.

Patients with questions can call a dedicated toll-free response line that has been set up at 844-416-6280. The response line is available Monday through Friday during regular business hours.