McLaren Medical Group in Lansing, Mich., recently notified 106,008 current or former patients that a computer system at Mid-Michigan Physicians Practice was hacked in March 2017.

The practice of 450 primary care and specialist physicians told the Lansing State Journal newspaper that a five-month delay in patient notification was necessitated because of an extensive investigation into the breach.

The investigation found that only seven patient records were definitely confirmed to have been accessed, but researchers could not confirm whether any other records had been accessed.


Also See: Hacking of medical devices rising as next threat

As hackers become more sophisticated, providers who are required under the HIPAA law to report breaches within 60 days of discovery are often finding that meeting the deadline is impossible, industry experts note. A five-month delay in notification remains relatively rare, but lengthy delays are coming more common.

The infected computer housed scanned documents and compromised patient information that included authorization orders, scheduling information, patient names, dates of birth, addresses, phone numbers, medical record numbers, diagnoses and Social Security numbers.

Since the beach, the computer has been rebuilt and updated with unspecified additional protections. One year of identity theft protection services from ID Experts will be offered to affected individuals.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access