Beaumont Health System’s IT team detected and shut down unusual activity Saturday related to online COVID-19 vaccination scheduling, the hospital announced Sunday.
The unusual activity happened on Beaumont’s Epic electronic medical record system. The Beaumont team determined a user took advantage of an Epic scheduling tool vulnerability and shared an unauthorized scheduling pathway publicly that allowed 2,700 people to “cut in line” and register for an unauthorized vaccine appointment.
Beaumont is cancelling all the appointments that used the unauthorized pathway.
Beaumont notified the national Epic corporate office so it could communicate with other health systems to prevent this from occurring elsewhere.
Beaumont said no one’s personal data or any hospital records were compromised in the vulnerability. The pathway simply allowed users to schedule an unauthorized appointment that circumvented the current Michigan mandates.
“These appointments violate the ethical distribution framework Beaumont created based upon the State of Michigan’s mandatory vaccine guidelines. We regret 2,700 people in our community became victims of this unfortunate incident,” said Beaumont Health Senior Vice President and Chief Information Officer Hans Keil. “We remain committed to vaccinating as many people as possible who meet the State’s guidelines. We are also notifying the Michigan Hospital Association and other Michigan health systems about the issue.”