InterAct of Michigan Email Account Compromised Exposing 1,290 Patients’ PHI

The mental health and substance abuse treatment provider InterAct of Michigan has announced that the protected health information (PHI) of 1,290 patients has potentially been accessed by an unauthorized individual who succeeded in gaining access to an employee’s email account. Patients affected by the breach had previously visited its clinics in Grand Rapids and Kalamazoo.

InterAct of Michigan became aware of the breach on June 8, 2018 and immediately launched an investigation to determine whether PHI was accessed and the extent of the security breach. Access to the employee’s account was immediately terminated and a computer forensics company was called in to help with the investigation.

The investigators issued a statement on July 30, 2018 confirming the PHI of some patients was potentially accessed through the email account. No other systems were compromised. The exposed information included patients’ names and Social Security numbers, and some patients may also have had their birth date, prescription information, and treatment records exposed.

Because of the sensitive nature of the data that was exposed, all impacted patients were offered free identity theft protection services for one year. InterAct of Michigan has now sent notification letters to all affected people, and the Department of Health and Human Services’ Office for Civil Rights was also informed of the breach on August 7, 2018.

Steps have now been taken to enhance security to avoid further data security breaches: monitoring of email accounts has been enhanced, and email access logs are now being checked on a weekly basis. InterAct of Michigan has also set up a new rule that prohibits the forwarding of emails to external email accounts.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/