Florida’s health system is hacked and 1.3 million data is exposed

Hackers breached healthcare system computer networks in Southeast Florida in October 2021 and may have accessed sensitive personal and financial data on more than 1.3 million people, the US healthcare system reported this week.

ID numbers, patient medical history and bank details were among the data that was exposed in the invasion of Broward Health, a network of more than 30 healthcare facilities serving nearly 2 million patients in Broward County, Florida, according to a bulletin made by the health care provider to the Maine Attorney General’s Office.

About 470 breached data are from victims living in the state of Maine. Like other states, Maine law requires organizations that withhold personal data from state residents to file a complaint when they are hacked.

This is just one of numerous cyberattacks that hit the healthcare industry during the pandemic, as cybercriminals have not given up on stealing hospital data and trying to profit from it. An atack ransomware no department of Planned Parenthood of Los Angeles also in October compromised personal information of 400,000 patients.

In the case of Broward Health, there is no indication that the hackers had any impact on patient care and medical equipment. It was also unclear whether the incident involved a ransomware-type attack.

Spokespersons for Broward Health did not immediately respond to calls and emails with requests for comment about who was responsible for the intrusion and whether or not a ransomware attack was involved. Mark Krotoski, listed as a Broward Health attorney in the bulletin, did not immediately respond to the request for comment.

According to the bulletin, intruders accessed Broward Health’s computer network via “a third-party medical provider,” highlighting the exposure of hospitals and other organizations to hackers through their providers.

“Personal information has been extracted and transferred or removed from Broward Health’s systems, however, there is no evidence that it was actually misused by attackers,” says the breach bulletin.