Hackers breached the pc networks of Broward Well being in October and should have accessed private and monetary data on greater than 1.3 million sufferers and employees.
The southeast Florida well being system, which operates greater than 30 healthcare places in Broward County, disclosed it was hit with a cyberattack on Oct. 15, 2021, when an intruder gained unauthorized entry to the hospital’s community and affected person knowledge by means of a third-party medical supplier, in accordance with a assertion posted to the well being system’s web site Saturday.
The well being system mentioned it found the intrusion 4 days later, on Oct. 19, and contained the incident, then notified the FBI and the Division of Justice (DOJ).
Broward Well being mentioned it waited months to inform victims and make the breach public as a result of the DOJ advised them to carry off on sending out breach notification letters to protect an ongoing regulation enforcement investigation, the well being system mentioned.
The well being system additionally instantly required a password reset for all staff and engaged an impartial cybersecurity agency to conduct an investigation. Broward Well being engaged an skilled knowledge evaluate specialist to conduct an in depth evaluation of the information to find out what was impacted, which decided some affected person and worker private data could have been impacted.
The hackers accessed names, birthdays, addresses, banking data, Social Safety numbers, drivers’ license numbers, affected person histories and remedy and analysis data, amongst different data, in accordance with the well being system.
The hospital system didn’t say how many individuals have been concerned, however a submission to the Maine lawyer basic’s workplace states that 1,357,879 folks have been affected.
The data was faraway from the hospital’s system, “nevertheless, there isn’t a proof the data was really misused,” the well being system mentioned in its assertion.
The incident didn’t seem to contain ransomware. Broward Well being spokesperson Jennifer Smith advised CNN in an electronic mail that the hackers didn’t make any ransom demand and that no ransom was paid.
“Affected person care was not disrupted or impacted at any time throughout or following this incident,” Smith mentioned, in accordance with CNN’s reporting.
The hospital is providing 24 months of id theft safety providers for sufferers impacted by the breach.
Broward Well being additionally mentioned it has applied multifactor authentication for all customers of its methods and “minimum-security necessities for gadgets not managed by Broward Well being Data Know-how with entry to its community.”
The breach incident is the newest of a rising variety of cyberattacks towards healthcare organizations in the course of the COVID-19 pandemic.
A latest cyberattack on Deliberate Parenthood’s Los Angeles department uncovered the non-public data of about 400,000 sufferers. Between Oct. 9 and Oct. 17, a hacker infiltrated the reproductive well being care middle’s community and stole recordsdata together with affected person data like names and insurance coverage particulars together with medical data together with diagnoses and procedures undergone by the sufferers.