The year has started with a major breach report from Broward Health in Florida, which has recently started notifying more than 1.3 million patients and employees about a data breach that occurred on October 15, 2021. A hacker gained access to the Broward Health network through the office a third-party medical provider that had been granted access to the Broward Health network for providing healthcare services.
Broward Health discovered and blocked the intrusion on October 19, 2021, and a password reset was performed for all employees to prevent further unauthorized access. Assisted by a third-party cybersecurity company, Broward Health conducted a comprehensive investigation to determine the nature and scope of the breach.
The investigation confirmed the attacker had access to parts of the network where employee and patient information were stored, including sensitive data such as names, dates of birth, addresses, email addresses, phone numbers, Social Security numbers, financial/bank account information, health insurance information, medical histories, health conditions, treatment and diagnosis information, medical record numbers, and driver’s license numbers. Broward Health said some data was exfiltrated from its systems.
The cyberattack was reported to the Department of Justice which requested Broward Health delay sending breach notification letters to affected individuals so as not to interfere with the law enforcement investigation.
Broward Health has taken steps to improve security and prevent similar incidents in the future, which include implementing multifactor authentication for all users of its systems and setting minimum-security requirements for all devices not managed by Broward Health’s information technology department with access to its network. Those security requirements will take effect this January.
Broward Health has not received any reports that indicate patient or employee data have been misused, but as a precaution against identity theft and fraud, affected individuals have been offered a complimentary 2-year membership to the Experian IdentityWorksSM service, which includes identity theft protection, detection, and resolution services.
The incident has yet to appear on the HHS’ Office for Civil Rights breach portal but has been reported to the Maine Attorney General as potentially affecting 1,357,879 patients.
The post Broward Health Notifies Over 1.3 Million Individuals About October 2021 Data Breach appeared first on HIPAA Journal.