A Michigan based management services company, Bronson Healthcare Group Inc., claimed to be the victim of a cyber attack due to a phishing attack.
According to Bronson Healthcare, their email system was the main target of a cyber attack that left the information of thousands of patients potentially exposed.
As per reports from the management, email accounts of five employees were breached, exposing information of 8,256 patients. IT experts at Bronson Healthcare Group Inc. believe a phishing attack to be the cause of this incident.
Phishing Attack: An Evil Technique
It is a cyber scam in which emails that seem to appear from a trustworthy or valid source are sent by cyber criminals to trick victims and breach their systems to gather personal information like username/account information and passwords, credit card info. etc.
The Phishing technique was used by a hacker to breach the email accounts of 5 employee. But the issue was uncovered and recognized by the hospital IT department after a while.
The hospital administration issued a letter of apology to the affected patients explaining the scenario.
In one of the breached worker’s email accounts was private information of patients including names, treatments and medications.
According to Charlie Aardema, the senior privacy analyst for Bronson Healthcare Group, the medical records is contained on a very separate system, thus reducing the risk.
According to the hospital, no cases of identity theft have been reported so far, but the risk remains.
The Real Motive: To Steal Money
The main motive of the hack seems to be to acquire worker’s credentials and passwords to access the hospital’s payroll system and reroute the money to a fake unauthorized account, according to Ken Buechele, Bronson’s IT Vice President.
But as soon as inconsistencies appeared in the payroll, the county’s police was notified. While the culprits are yet to be caught, the staff seems relieved as no other incident has been reported since.
Phishing is a commonly used technique, and we need to be careful to be safe. Never click links that you do not trust.