DETROIT – On Oct. 6, McLaren Oakland notified 2,219 current and former patients of a potential compromise of their personal data on a hospital computer.
The letter was sent notifying those affected with a description of the potential risk while also providing details for an offer of identity theft monitoring and protection services.
On July 10, 2020, representatives from McLaren Oakland became aware of a computer desktop file containing an unauthorized and unsecured link to a file containing patients' protected health information. Upon its discovery, the link was immediately disabled.
Following an investigation, McLaren Oakland officials have discovered that the link was inadvertently rendered insecure by an employee, and that there is no evidence of fraudulent or criminal activity related to this incident.
Security procedures have been reviewed with staff, and McLaren has implemented additional training to prevent a similar occurrence in the future. The Department of Health and Human Services, Office of Civil Rights has been notified of the incident, and McLaren Oakland will cooperate with the Office in its review.
As a precautionary measure, McLaren Oakland officials recommended to patients who received the letter to carefully review their financial information and credit reports for any irregularities, and to promptly notify their institutions if any discrepancies are discovered. The notification letter includes details on identity theft monitoring and protection services offered through McLaren, free of charge.