The Broward Health public health system has disclosed a large-scale data breach incident impacting 1,357,879 individuals.
Broward Health is a Florida-based healthcare system with over thirty locations offering a wide range of medical services and receives over 60,000 admissions per year.
The healthcare system disclosed a cyberattack on October 15, 2021, when an intruder gained unauthorized access to the hospital's network and patient data.
The organization discovered the intrusion four days later, on October 19, and immediately notified the FBI and the US Department of Justice.
At the same time, all employees were advised to change their user passwords, and Broward Health contracted a third-party cybersecurity expert to help with the investigations.
An investigation revealed that the threat actors gained access to patient's personal medical information, which may include the following items:
- Full name
- Date of birth
- Physical address
- Phone number
- Financial or bank information
- Social Security number
- Insurance information and account number
- Medical information and history
- Condition, treatment, and diagnosis
- Driver’s license number
- Email address
Although Broward Health confirms that the network intruder has exfiltrated the above data, it notes that there is no evidence that the threat actors misused it.
Notably, the intrusion point was determined to be a third-party medical provider who was permitted access to the system to provide their services.
