Locked Out and Left Behind:
How Michigan’s Digital Failures Are Costing Us Healthcare and Privacy
Yesterday, I found myself trapped in a login loop.
I wasn’t trying to do anything complicated. I just needed to update my email address on MiLogin—the state’s central identity management system—so I could access my healthcare plan information.
Instead, I was met with a wall. A technical error. A bug. The site spun its wheels, refused to authenticate me, and offered zero solutions.
I did what any reasonable person would do. I called the IT help desk.
The person on the other end of the line was professional, sympathetic, and ultimately powerless. They could see the error. They acknowledged it was a known issue on their end. And then they admitted they couldn’t fix it. I was told, essentially, to wait and try again later.
Meanwhile, the clock is ticking, and my healthcare coverage is hanging in the balance because the State of Michigan apparently failed to send my plan over to my insurance provider.
This isn’t just a glitch. This is a pattern.
The Digital House is on Fire
When I finally managed to do some digging (through third-party security researchers, not through any official notification from the state), I found that the beginning of 2026 has been a nightmare for data security. While there is currently no confirmed “hack” of MiLogin specifically, the surrounding ecosystem is toxic.
Just last month, security researchers stumbled upon an unsecured database containing 149 million usernames and passwords. One hundred and forty-nine million. That isn’t a small leak; that is a continental shelf collapse of credential security.
While the state remains silent, the private sector is bleeding our data. Mid Michigan Medical Billing Service just reported a breach affecting over 28,000 people, handing over Social Security numbers and intimate personal details to criminals.
The MFA Trap: You Are Your Phone Number
We are constantly told to “Enable MFA” and “Monitor your credit.” But let’s talk about what Multi-Factor Authentication has become.
It is, increasingly, a hostage situation.
Banks, healthcare portals, and state systems are now demanding a phone number to verify your identity. Not a hardware token. Not an authenticator app. Your phone number—which is increasingly treated as a permanent, unchangeable piece of your identity.
I am a tech guy. I have found ways to route around this, to shield my real number from these systems. But I am not the norm. The average citizen is being forced to hand over their mobile number to every government portal and every financial institution, creating a single point of failure that is easily SIM-swapped, easily leaked, and nearly impossible to change if it is compromised.
We are being told this is for our security. But forcing citizens to tether their identity to a carrier-controlled phone number is not security. It is liability shifting. And it is a disaster.
When “Tech Errors” Determine Health Coverage
But let’s talk about the other error message.
The one that didn’t involve passwords, but policies.
Prior to this current lockout—back when I still had access to my account—I logged in to find that my healthcare plan had never been transmitted to my insurer. The site admitted it: A tech error on their end.
That issue was never resolved by the state. And now, before I can even follow up on it, I have been locked out entirely by a separate technical failure—one that their own help desk admits they cannot fix.
This is the part that keeps me up at night. We are constantly told that these systems—MiLogin, the healthcare portals, the eligibility checkers—are being “modernized.” We are told that millions of dollars are being poured into infrastructure to make things seamless.
Yet here we are. The “modernization” money appears to have purchased a website that buckles under the weight of an email change, a help desk that can see the problem but cannot solve it, and a data transfer system so fragile that eligible citizens were left without coverage before the site even went down.
Now I am locked out entirely. The old problem remains unfixed. The new problem is keeping me from even addressing it. And somewhere in the machinery of state government, the system continues to spend money it clearly isn’t spending on reliability.
Where Does the Money Go?
It is impossible to look at this situation and not ask a very cynical, very legitimate question: Where is the money going?
We fund these programs. We fund the IT contracts. We fund the administrative overhead. But when the rubber meets the road, the consumer—the citizen, the patient—is left holding an empty bag.
Security: We pay for systems that allow our credentials to float around in unsecured databases discovered by random researchers, while being forced to use MFA methods that are fundamentally insecure.
Infrastructure: We pay for portals that crash when you try to update your email, staffed by help desk employees who can see the problem but are powerless to fix it.
Execution: We pay for healthcare administration that “forgets” to send the enrollment file to the insurance company.
It feels like the system is designed to spend money on itself. The contracts go to vendors. The salaries go to administrators. The fines (if any) go into a general fund. But the service? That evaporates the moment you actually try to use it.
A State That Fails the Stress Test
If a system breaks when a user tries to change their email, it isn’t a secure system. If a help desk cannot resolve a known error, it isn’t a functional support system. If a healthcare enrollment fails because of a “tech error,” it isn’t a safety net.
We are being asked to trust a digital infrastructure that has repeatedly shown it cannot handle the stress of basic daily use. We are being asked to hand over our most sensitive data—our health records, our Social Security numbers, our phone numbers, our identities—to a machine that spits out error codes instead of coverage.
To the officials in charge: Stop blaming the “bugs.” Stop hiding behind the “no widespread hack” rhetoric.
The failure isn’t always a catastrophic breach. Sometimes, the failure is just a login screen that doesn’t work, a phone number requirement that compromises our privacy, or a help desk that can only offer sympathy. But when that screen is the only door to my healthcare, and that phone number is the only key, the result is the same: the citizen gets hurt, and the system faces no consequences.
I’m still locked out. And thanks to your “tech error,” I’m still uninsured.
If you have experienced similar issues with MiLogin, forced MFA phone requirements, healthcare enrollment failures, or state data portals, let me know in the comments. If we can’t get answers from the state, we should at least get them from each other.
This Did Not Happen in a Vacuum
The Broader Picture: Michigan’s Digital Risk Landscape
Major Credential Leak (January 2026): Security researchers discovered an unsecured database containing 149 million usernames and passwords. The source and full impact remain under investigation.
Healthcare Data Breach (January 2026): Mid Michigan Medical Billing Service reported a breach affecting over 28,000 individuals, exposing Social Security numbers and other sensitive personal information.
Ongoing Phishing & Ransomware Threats: The state continues to face elevated levels of phishing and ransomware activity. Globally, at least 91 public ransomware attacks have been reported in early February 2026 alone.
PowerSchool Breach (January 2025): A previously disclosed breach at PowerSchool impacted multiple Michigan school districts, compromising student and staff data.
It’s Time for a Digital Bill of Rights:
·We live in a world where our digital footprints are often more permanent and revealing than our physical ones. From the data collected by the apps on our phones to the algorithms that shape our news feeds and opportunities, our fundamental rights are being challenged in ways the founders of our oldest democracies could never have imagined.
Why OpenClaw and LocalAI on Umbrel Hit a Wall:
·This documents a failed attempt to configure the OpenClaw AI agent on Umbrel with a LocalAI backend. It details the process, the partial progress, the exact point of failure, and corroborating evidence that this is a systemic issue affecting the community.
The “Lighthouse” Strategy: A Conversation with Daniel Brummitt
In an era where every “techpreneur” is screaming for your attention and your data, Detroit’s Daniel Brummitt is doing something radical: he’s telling you to go away.
From Galleries to Git:
"From Galleries to Git: Why My Unconventional Path Makes Me a Better Engineer"









I'm a ward of the state since 2013 and a few years ago the city in which I was forced into mental hospitals by a supposed court order had their medical records breached and all the details of my and other patients were compromised.