GRAND RAPIDS, Mich. (WOOD) — Bronson Healthcare Group is investigating a possible phishing scam that could impact patients’ records.
Bronson officials said an employee opened an email that they thought was from Bronson, which started the possible security breach. When the employee opened the email, hackers were able to enter some employee email accounts, one of which had a patient’s information in it.
The organization investigated the matter, but were unable to determine whether the hackers successfully accessed the spreadsheet.
As a precautionary measure, Bronson sent a letter last month to patients possibly impacted.
The organization is also looking to improve security measures and train employees on how to determine if an email is legitimate or not.
Full letter: “Bronson Healthcare Group has notified a limited number of patients about a recently discovered phishing incident involving employee email accounts. Letters have been mailed to patients who may have been affected. On November 9, 2017, Bronson Healthcare discovered that patient protected health information was contained in a limited number of email accounts that were accessed from June 12-27, 2017 as a result of a phishing attack. Bronson Healthcare confirmed that patients’ names, home addresses, dates of birth, treatment, diagnoses, lab results, medications, and/or insurance information were contained in the compromised email accounts. Six patients’ Social Security numbers were also contained in the emails.
Bronson Healthcare has been working with external cybersecurity professionals to assist. The investigation was unable to determine if patient information was actually opened, viewed, downloaded or otherwise acquired by the unauthorized user. Out of an abundance of caution, Bronson notified patients of the incident and provided steps patients can take to help protect their information, including reviewing financial accounts and explanation of benefits statements for any suspicious activity. To date, Bronson is not aware of any reports of identity fraud, theft, or improper use of information as a direct result of this incident.
Bronson has in place safeguards to ensure the privacy and security of all patient health information. Bronson will continue to monitor patients’ data and is evaluating and modifying their security practices to further strengthen the privacy of personal information.
For further questions or additional information regarding this incident, or to determine if they are impacted by this incident, patients may call a dedicated toll-free response line that has been set-up at xxx-xxx-xxxx, Monday through Friday, 9:00 a.m. to 6:00 p.m. Eastern Time.