A latest Bronson Healthcare Group phishing attack has led to a cyberpunk accessing the PHI of 8,256 patients.
The attack permitted the cyberpunk to access the health system’s electronic mail system, which had the names, treatment information of patients, and medicines. No patient’s financial information or Social Security numbers were undermined, and its electronic health record system wasn’t undermined.
Altogether, the electronic mail accounts of five workers were undermined over a duration of two weeks. While patients’ PHI was possibly undermined in the attack, Bronson Healthcare Group informs that the purpose of the assailants wasn’t to get patient info, instead, the main motivation of the attack seems to have been to get access to login identifications to its worker payroll method.
In that respect, the attack worked. After accessing the payroll method, the assailant succeeded to distract at least one worker payment to an illegal account. Bronson Healthcare Group has admitted the damages and no workers are out of pocket as a consequence of the attack.
Bronson Healthcare Group hired external cybersecurity experts to probe the breach as well as decide the full scope and nature of the attack. The analysis concluded that just one of the undermined electronic mail accounts had PHI. Nevertheless, it wasn’t possible to decide whether electronic mails having PHI were opened and whether any info was copied. No statements of abuse of patient info have been informed thus far.
The assailants definitely had sufficient time to check electronic mails in the undermined accounts. As per the breach notice letters dispatched to patients, the Bronson Healthcare Group phishing attack happened between June 12 and June 27, 2017, however, the safety breach wasn’t found until November. Patients were informed of the possible breach of their PHI on December 5, 2017.