At the beginning of the year, a big breach was announced by Broward Health located in Florida, which has just started informing over 1.3 million patients and workers concerning a data breach that took place on October 15, 2021. A hacker obtained access to the Broward Health system via a third-party healthcare provider’s office that was given access to the Broward Health network for delivering medical services.
Broward Health uncovered and stopped the attack on October 19, 2021, and performed a password reset for all staff members to avert more unauthorized access. With the assistance of a third-party cybersecurity firm, Broward Health carried out a thorough investigation to find out the nature and extent of the breach.
The investigation established that the attacker acquired access to sections of the system where worker and patient data were saved, which include sensitive data: names, addresses, email addresses, birth dates, telephone numbers, financial/bank account details, health insurance data, medical backgrounds, medical problems, treatment and diagnosis details, medical record numbers, Social Security numbers, and driver’s license numbers. Broward Health reported some records were exfiltrated from its networks.
The cyberattack report was sent to the Department of Justice which wanted Broward Health to put off distributing breach notification letters to affected people in order not to obstruct the law enforcement inquiry.
Broward Health took action to boost security and avert the same occurrences down the road, which comprise of using multifactor authentication for all end-users of its network and establishing minimum-security specifications for all devices not maintained by Broward Health’s IT department having network access. Those security prerequisites will be effective this January.
Broward Health did not receive any reports that show patient or staff information was misused, nevertheless as a preventative measure against identity theft and fraud, impacted persons were provided a free two-year membership to the Experian IdentityWorksSM service, consisting of identity theft protection, discovery, and resolution services.
The breach hasn’t shown up on the HHS’ Office for Civil Rights breach website although it was documented with the Maine Attorney General as likely impacting 1,357,879 individuals.