The Broward Health hospital system disclosed this weekend that it suffered from a massive data breach back in October, resulting in leakage of sensitive information of 1,3 million patients and staff.

In an official statement, the hospital system announced that on October 15, 2021, a threat actor hacked into the network through a third-party medical provider with access rights to the system.

While the Broward Health system learned about the incident four days later, on October 19th, they waited till now to make the information public due to a recommendation from the FBI and the Department of Justice, following the ongoing law enforcement investigation.

“The personal medical information accessed included name, date of birth, address, phone number, financial or bank account information, Social Security number, insurance information and account number, medical information including history, condition, treatment and diagnosis, medical record number, driver’s license number and email address,” the statement reads.

The hospital reacted by reaching out to a cybersecurity firm to oversee the investigation and requiring all staff members to change their passwords. At the same time, the statement suggests that there is currently no evidence that leaked information was misused.

While there are no mentions of the exact number of impacted individuals, Broward Health’s notification to the Maine Attorney General’s office records the total number of affected as 1,357,879, and the number of affected Maine residents as 473.

Broward Health recommends all potentially impacted staff members and patients take extra measures in medical identity theft protection. As such, medical identity theft allows threat actors to receive medical services in the victim’s name, purchase drugs, as well as bill insurance companies on their behalf. In order to mitigate potential risks, Broward Health advises keeping an eye on financial statements and the explanation of benefits statements from your health plan.

“To help protect your identity, Broward Health is offering a complimentary two-year membership of Experian’s® IdentityWorksSM. This product provides users with superior identity detection and resolution of identity theft,” the statement furtherly adds.

While it might not initially seem like the most valuable asset of all, medical data is worth hundreds of dollars on the black market. And despite limited budgets, many hospitals are starting to pay more attention to cybersecurity in light of recent ransomware and hacking events.

“When you have governance, regulations to comply with, and the actual events of cyberattacks, that’s going to force hospitals and other organizations to start straightening on their cybersecurity posture and the defense of their networks. Having this guidance out there will at least give them some starting points to where they need to start looking to assess whether currently as far as maintaining their environments and maintaining their security posture,” Ricardo Davidson Sr. of Guidehouse told CyberNews.


More from CyberNews:

8 cybersecurity trends to watch for 2022: From extortion to satellite attacks

CyberNews’ TOP 10 interviews of 2021

Cloud security in 2022: stormy horizons, shaken trust, and lack of talent

LastPass claims no accounts compromised after security warnings

If you can remember your password, it’s not secure enough – interview

Subscribe to our newsletter