Personal information of 8,256 patients at Kalamazoo, Mich.-based Bronson Healthcare Group may have been exposed when the organization's email system was hit with a phishing attack, though no medical records were compromised, according to MLive.
Five employees email accounts were targeted between June 12 and 27 when an online scammer used phishing tactics to gain the credentials and passwords necessary to access the hospital's payroll and email system. Bronson discovered the incident in early November and sent letters to the affected patients Dec. 5.
The letter states patient health information was contained in one of the breached email accounts, according to MLive. It included patient names, medications and treatments; however, it is unclear from the MLive report which, if any, other information may have been compromised. The hospital told MLive Jan. 4 it had not received any reports of fraud or identity theft as a result.
The pay of at least one employee was diverted to an unauthorized place, Chris Sangalli, vice president and chief compliance officer for Bronson, told MLive.
"In some employee emails there was patient information, and we were never able to determine whether the information was used or anything was opened or downloaded in any way," she added.
Becker's Hospital Review has reached out to Bronson Healthcare Group. This story will be updated as more information becomes available.