Detroit, Michigan, December 13, 2025
Henry Ford Health has reported an insider data breach impacting approximately 2,000 patients. An employee inappropriately accessed electronic health records, leading to unauthorized disclosures. In response, the organization has terminated the employee, notified affected patients, and is offering two years of identity monitoring services. Sensitive information, including Social Security numbers, was not compromised. Patients are advised to monitor their personal information and report any suspicious activities.
Henry Ford Health Data Breach Affects 2,000 Patients
A concerning insider breach has prompted Henry Ford Health to act swiftly to protect patient information.
Detroit, Michigan – Henry Ford Health has informed approximately 2,000 patients of an insider data breach involving unauthorized access to their electronic health records (EHR). The breach was identified on October 10, 2025, when suspicious activity was detected in the EHR system. An internal investigation revealed that an employee had inappropriately accessed and, in some cases, printed or disclosed certain patient information without a legitimate business need. The employee has been terminated, and the affected individuals have been notified. As a precautionary measure, Henry Ford Health is offering two years of complimentary identity monitoring services to those impacted. The compromised data included patients’ names, medical record numbers, dates of birth, addresses, email addresses, phone numbers, emergency contact details, primary care physician names, health insurance information, dates of service, and diagnosis codes. Importantly, Social Security numbers and other sensitive medical records were not involved in this incident. For further inquiries, affected individuals can contact the designated call center at (855) 403-1811, available Monday through Friday, from 9:00 a.m. to 9:00 p.m. Eastern Time.
Details of the Data Breach
The breach was discovered on October 10, 2025, when Henry Ford Health detected suspicious activity within its EHR system. An internal investigation confirmed that an employee had accessed and, in some instances, printed or disclosed patient information without a legitimate business purpose. The employee responsible has been terminated. The compromised data included:
- Patient names
- Medical record numbers
- Dates of birth
- Addresses
- Email addresses
- Phone numbers
- Emergency contact information
- Primary care physician names
- Health insurance details
- Dates of service
- Diagnosis codes
Notably, Social Security numbers and other sensitive medical records were not part of the exposed information. Henry Ford Health is taking all necessary steps to comply with privacy laws and has notified the affected patients accordingly. Additionally, the organization is offering two years of complimentary identity monitoring services to those impacted by the breach. For any questions or concerns, individuals can reach out to the designated call center at (855) 403-1811, available Monday through Friday, from 9:00 a.m. to 9:00 p.m. Eastern Time.
Background on Henry Ford Health’s Privacy and Security Measures
Henry Ford Health is committed to safeguarding patient information and adheres to strict privacy and security protocols. The organization has a comprehensive Information Privacy & Security Program that includes oversight for various sets of data, including patient, member, employee, financial, and business information. Workforce members are required to access, use, and transmit sensitive information in accordance with Henry Ford Health’s policies and procedures, supporting a “culture of confidentiality.” The organization has implemented additional security measures and is providing further training to employees on recognizing and responding to suspicious emails to prevent future incidents. For more information on Henry Ford Health’s privacy and security practices, visit their official website.
Recent Data Breach Incidents
This incident is the latest in a series of data breaches involving Henry Ford Health. In March 2023, the organization experienced a phishing attack that led to unauthorized access to employee email accounts containing protected health information. The affected data included patients’ names, dates of birth, lab results, procedure types, diagnoses, dates of service, telephone numbers, medical record numbers, and internal tracking numbers. Henry Ford Health took immediate action to secure the email accounts and notified the affected individuals. As a precaution, the organization offered complimentary credit monitoring and identity theft protection services for 12 months to those impacted. The breach was reported to regulators, but the exact number of individuals affected was not specified at that time. For more details on this incident, refer to the official notice provided by Henry Ford Health.
Implications for Patients and the Healthcare Industry
Data breaches in the healthcare sector can have significant implications for patients, including potential identity theft and misuse of personal health information. It is crucial for healthcare organizations to implement robust security measures and provide timely notifications to affected individuals. Patients are advised to monitor their personal information and report any suspicious activity to the appropriate authorities. The healthcare industry continues to face challenges in protecting sensitive data, underscoring the need for ongoing vigilance and adherence to privacy and security standards.
Frequently Asked Questions (FAQ)
What information was compromised in the Henry Ford Health data breach?
The compromised data included patients’ names, medical record numbers, dates of birth, addresses, email addresses, phone numbers, emergency contact information, primary care physician names, health insurance details, dates of service, and diagnosis codes. Notably, Social Security numbers and other sensitive medical records were not involved in this incident.
How many patients were affected by the data breach?
Approximately 2,000 patients were affected by the data breach.
What steps is Henry Ford Health taking in response to the breach?
Henry Ford Health has terminated the employee responsible for the unauthorized access, notified the affected patients, and is offering two years of complimentary identity monitoring services to those impacted. The organization is also implementing additional security measures and providing further training to employees on recognizing and responding to suspicious emails to prevent future incidents.
How can affected individuals seek assistance or more information?
Affected individuals can contact the designated call center at (855) 403-1811, available Monday through Friday, from 9:00 a.m. to 9:00 p.m. Eastern Time, for assistance or more information.
Key Features of the Data Breach Incident
| Feature | Details |
|---|---|
| Incident Type | Insider data breach involving unauthorized access to electronic health records |
| Number of Affected Patients | Approximately 2,000 patients |
| Compromised Data | Names, medical record numbers, dates of birth, addresses, email addresses, phone numbers, emergency contact information, primary care physician names, health insurance details, dates of service, and diagnosis codes |
| Excluded Data | Social Security numbers and other sensitive medical records |
| Actions Taken | Termination of the responsible employee, patient notifications, offering two years of complimentary identity monitoring services, implementing additional security measures, and providing further employee training |
| Contact Information | Designated call center at (855) 403-1811, available Monday through Friday, from 9:00 a.m. to 9:00 p.m. Eastern Time |
Deeper Dive: News & Info About This Topic
HERE Resources
Author: STAFF HERE DETROITMI WRITER
DETROIT STAFF WRITER The DETROIT STAFF WRITER represents the experienced team at HEREDetroitMI.com, your go-to source for actionable local news and information in Detroit, Wayne County, and beyond. Specializing in "news you can use," we cover essential topics like product reviews for personal and business needs, local business directories, politics, real estate trends, neighborhood insights, and state news affecting the area—with deep expertise drawn from years of dedicated reporting and strong community input, including local press releases and business updates. We deliver top reporting on high-value events such as Movement Electronic Music Festival, Detroit Grand Prix, and America's Thanksgiving Parade. Our coverage extends to key organizations like the Detroit Regional Chamber and Focus HOPE, plus leading businesses in automotive and healthcare that power the local economy such as General Motors, Ford Motor Company, and Henry Ford Health. As part of the broader HERE network, including HEREGrandRapids.com, HERENorthville.com, HERENovi.com, and HEREPlymouth.com, we provide comprehensive, credible insights into Michigan's dynamic landscape.
