Email Account Hacked Discovered at InterAct of Michigan

by | Aug 23, 2018

InterAct of Michigan, a provider of mental health and substance abuse treatments through health centers in Kalamazoo and Grand Rapids, has found an unauthorized person has obtained access to the email account of a staff member and may have viewed and copied the protected health information of 1,290 people.

The attack was noticed on June 8, 2018 leading to a thorough investigation to deduce the nature and scope of the breach. Immediate action was taken to disable access to the compromised account and an internal investigation was initiated. A leading computer forensics company was contracted to provide help with the investigation.

On July 30, 2018, InterAct of Michigan discovered that the protected health information of certain patients had possibly been obtained. The information was noticed in emails and email attachments in the compromised account. The exposed PHI included clients’ names and Social Security numbers. For some individuals, date of birth, prescription details, and treatment history may also have been obtained.

Due to the sensitive nature of the information that was accesseed, all impacted patients have been offered free identity theft protection services for one year.

On August 7, 2018, alerts were sent to affected people and Department of Health and Human Services’ Office for Civil Rights was informed of the breach.

InterAct of Michigan has put additional measures in place to enhance security to stop further breaches and ensure that in the event of a further email account compromise, the breach will be discovered much more quickly.

Email access logs are now being audited on a weekly basis to spot any suspicious behavior and single user inbox rules are similarly being monitored. A procedure has also been set up that stops the forwarding of emails to external email accounts, which suggests such a rule may have been implemented by the individual responsible for this attack.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy