Cyber Incident Victim: Western Michigan University Wmed

On or around June 3, 2021, Western Michigan University Homer Stryker M.D. School of Medicine (WMed) experienced a data security incident stemming from a successful phishing attack. An individual within the organization clicked on a malicious link embedded in a phishing email, which subsequently granted unauthorized external access to a single institutional email account. The breach was confirmed by WMed Communications Director Laura Eller during an interview with MLive on June 3, 2021. While the exact timeline of initial compromise wasn't disclosed, the incident prompted WMed to initiate notification procedures shortly after discovery. The compromised email account contained personal information belonging to individuals enrolled in employee healthcare coverage programs.

WMed notified 2,474 affected parties, including current employees, former employees, and their healthcare beneficiaries, about the potential exposure of their personal data. The organization did not publicly specify the exact types of compromised information beyond confirming the exposure of "personal information" through the breached account. No evidence of actual misuse of data was reported at the time of notification. The institution's public communication emphasized the phishing vector as the root cause and indicated the incident was contained to a single email account. Affected individuals received direct notifications, though the specific remediation measures offered (if any) were not detailed in available public statements. The disclosure aligned with standard breach notification protocols for incidents involving healthcare-related personal data.