PORTAGE, Mich. — Officials at Bronson Healthcare said they were the victims of a recent cyberattack, which may have exposed over 8,000 patients personal information.
"[Their] goal was to attempt to access our payroll system and divert money into an unauthorized account," said Bronson's Vice President of Information Technology Ken Buechele about the scam.
He said the phishing incident happened back in the June 2017 when a handful of employees were sent an email that led them to what looked like a Bronson-related website. When they entered their username and password, the scammers had immediate access into the payroll system.
"It was the hacker or the other party that set up this website to gather that information," said Buechele.
As soon as discrepancies appeared in payroll, they notified Kalamazoo police and an investigation began, he said. Months later, in November, Bronson officials said they learned that through the security breach 8,000 patients personal information may have been exposed, including their addresses, diagnoses and insurance information. Some may have had their social security numbers accessed as well. The patients affected were quickly contacted and given steps to further secure their information.
"We have a number of security processes and technology in place to prevent a lot of different types of security breaches," said Buechele. "We’re also working to better educate our employees and improve processes."
Bronson said they've asked those affected to keep a close eye on their bank accounts and financial records in the meantime. Since the incident happened, there has not been any reports of identity theft or financial misuse.
"It’s a learning opportunity for us," said Buechele. "Thankfully from what we can tell our patients weren’t directly impacted."