Michigan Masonic Home is notifying individuals of a potential data breach following suspicious activity in an employee email account, although no misuse of personal information has been confirmed.
Suspicious activity involving an employee email account at the Michigan Masonic Home in Alma has led to the facility notifying individuals whose personal security information may have been compromised. While there is no evidence of misuse, the home has launched a precautionary notification process to ensure those potentially impacted are informed about the incident and advised on protective measures.
Related: How to notify affected individuals of a breach
Michigan Masonic Home management first became aware of unusual activity related to an employee email account and acted swiftly by securing the compromised account and initiating an investigation.
The investigation revealed that the email account had been accessed without authorization between May 28 and July 18. Although there is no confirmation that sensitive information was accessed or viewed, the home is notifying individuals to ensure their security.
Preliminary findings from the investigation indicate that a range of personal data may have been affected, including names, credit card numbers, dates of birth, financial account details, government-issued identification numbers, medical records, and Social Security numbers.
See also: HIPAA Compliant Email: The Definitive Guide
“Upon becoming aware of the unauthorized access, Michigan Masonic Home began a diligent and comprehensive review process to identify sensitive information that may have been contained within the impacted email account, and to identify the individuals whose information may have been impacted, and their contact information for purposes of notification,” said Ivana Alexander, an attorney from Mullen Coughlin LLC to Morning Sun News.
She added, “While Michigan Masonic Home goes to great lengths to protect client information entrusted to it, as part of its ongoing commitment to the security of information in its care, Michigan Masonic Home is further evaluating its data security policies and procedures.”
Alexander explained that the home is strengthening its security measures and will be issuing written notifications to those whose contact details they have been able to verify.
The notification letters will include guidance on monitoring identity theft or fraud and ways to obtain free credit reports through the major credit bureaus. Those affected are encouraged to report any suspicious activity immediately.
Email remains one of the most commonly exploited avenues for cyberattacks, especially in the healthcare sector. Cybercriminals often use phishing, malware, and ransomware attacks to gain unauthorized access to sensitive information. In healthcare, where email communication often contains personal and medical data, email breaches can have far-reaching consequences.
Phishing attacks, where attackers impersonate legitimate entities to deceive recipients into disclosing sensitive information or downloading malicious software, are particularly dangerous. Once access is granted through an employee's email, attackers can infiltrate broader systems, gaining entry to patient records, financial data, and other critical information.
Learn more:
Email is one of the easiest and most effective tools for cybercriminals to exploit, especially in sectors like healthcare, where vast amounts of sensitive data are exchanged electronically. A single compromised account can expose personal, financial, and medical information, making individuals vulnerable to identity theft and fraud.
Michigan Masonic Home is notifying individuals about the activity and offering resources to help protect against potential fraud. While the investigation continues, anyone who believes they may have been affected is urged to remain vigilant, review their credit reports, and report suspicious activity to the appropriate authorities.
A data breach occurs when unauthorized individuals gain access to sensitive or confidential information. This can include personal details such as names, Social Security numbers, financial information, medical records, or other private data.
Common causes include phishing attacks, malware, weak passwords, unsecured email accounts, insider threats (intentional or unintentional), and vulnerabilities in network security systems. Email, in particular, is a frequent attack vector due to its widespread use and potential to hold sensitive data.
If you notice any suspicious activity, report it immediately to your financial institution, healthcare provider, or the relevant authorities. You should also notify the credit bureaus and consider filing a report with the Federal Trade Commission (FTC) through their website, www.identitytheft.gov.