A latest Bronson Healthcare Company phishing attack has led to a hacker gaining access to the protected health information (PHI) of 8,256 patients.
The attack allowed the cyberpunk to access to the health system’s electronic mail arrangement, which had the names, treatment information of patients, and medications. No patients’ financial information or Social Security numbers were undermined, and its electronic health documentation system wasn’t undermined.
Altogether, the electronic mail accounts of 5 workers were undermined over a period of two weeks. Although patients’ PHI was possibly undermined in the attack, Bronson Healthcare Company informs that the goal of the assailants wasn’t to get patient information, in its place, the main focus of the attack seems to have been to access login identifications to its worker payroll arrangement.
In that respect, the attack was successful. After getting access to the payroll arrangement, the assailant succeeded to switch at least one worker payment to an illegal account. Bronson Healthcare Company has paid for the costs and no workers are out of pocket as a result of the attack.
Bronson Healthcare Company engaged external cybersecurity experts to probe the breach and decide the nature as well as complete range of the attack. The inquiry concluded that just one of the undermined electronic mail accounts had PHI. Nevertheless, it wasn’t possible to conclude whether electronic mails having PHI were opened and whether any information was copied. No reports of abuse of patient info have been reported so far.
The assailants definitely had a great deal of time to examine electronic mails in the undermined accounts. As per the breach notice letters dispatched to patients, the Bronson Healthcare Company phishing attack occurred between June 12 and June 27, 2017, however, the safety breach wasn’t found until November. Patients were informed of the possible breach of their Protected Health Information on December 5, 2017.