The start of the year had a major breach report from Broward Health based in Florida, which has recently begun alerting more than 1.3 million patients and workers regarding a data breach that happened on October 15, 2021. A hacker acquired access to the Broward Health network through a third-party medical provider’s office that was granted access to the Broward Health system for offering healthcare services.
Broward Health identified and blocked the intrusion on October 19, 2021, and performed a password reset for all staff members to stop further unauthorized access. With the help of a third-party cybersecurity agency, Broward Health carried out a detailed investigation to know the nature and magnitude of the breach.
The investigation affirmed that the attacker got access to areas of the network where worker and patient records were kept, such as sensitive data: names, addresses, email addresses, dates of birth, phone numbers, financial/bank account data, health insurance details, medical histories, medical ailments, treatment, and diagnosis data, medical record numbers, Social Security numbers, and driver’s license numbers. Broward Health stated some information was exfiltrated from its systems.
The cyberattack report was submitted to the Department of Justice which asked Broward Health to hold off mailing breach notification letters to affected people so as not to hinder the law enforcement investigation.
Broward Health took steps to enhance security and avoid similar incidents later on, which consist of employing multifactor authentication for all users of its systems and placing minimum-security specifications for all devices not handled by Broward Health’s information technology department with access to its network. Those security prerequisites will be in effect this January.
Broward Health hasn’t received any reports that suggest patient or staff information was misused, however as a safety measure against identity theft and fraud, impacted persons were given a complimentary 2-year membership to the Experian IdentityWorksSM service, including identity theft protection, detection, and resolution services.
There is no record of the incident yet on the HHS’ Office for Civil Rights breach portal, but the Maine Attorney General has the incident reported as potentially having an effect on 1,357,879 patients.