Cyber Incident Victim: Henry Ford Health System
Date: Oct 2017
Location: United States of America
Summary
Henry Ford Health System experienced a data breach compromising the personal information of approximately 18,470 patients after unauthorized individuals obtained employee email credentials, enabling access to protected health records. The incident was detected following the theft of these credentials, which exposed patient data through the compromised email accounts. The health system notified affected individuals of the unauthorized access to their sensitive information but did not disclose specific data types exfiltrated during the breach.
Description
In early October 2017, Henry Ford Health System discovered a data breach involving unauthorized access to patient information. The incident occurred when attackers compromised the email credentials of an unspecified group of employees within the healthcare organization. This credential theft enabled the unauthorized parties to access protected health information contained in patient records. The health system's investigation determined that approximately 18,470 patients had their personal information potentially exposed through this email account breach. While the exact duration of unauthorized access wasn't specified, the breach detection occurred shortly after the credential compromise in early October, suggesting a relatively contained timeframe for data exposure.

Henry Ford Health System initiated notification procedures following their internal investigation, formally alerting affected patients through mailed letters by December 6, 2017. The organization did not publicly disclose specific details about which types of patient data were accessed, though the breach notification indicated exposure of personal information. No evidence suggested misuse of patient data at the time of disclosure. The incident represented one of several healthcare sector breaches during this period involving compromised employee credentials as the attack vector for accessing sensitive medical records. The health system undertook credential resets and security reviews of email systems as part of their response to prevent similar incidents.
