More than 1.3 million people were impacted in a data breach at Broward Health, the Florida hospital system has revealed.
The incident was disclosed on January 1, 2022, when the organization announced that unauthorized access to a third-party medical provider resulted in patient and employee data being compromised.
The threat actor gained access to the system on October 15 and the intrusion was discovered on October 19, the organization said.
On January 1, Broward Health, which operates over 30 healthcare facilities in Broward County, started informing the impacted individuals of the incident.
A copy of the notification letter submitted to the Maine Attorney General’s Office reveals that potentially compromised data includes names, birth dates, contact information (addresses and phone numbers), driver’s license numbers, Social Security numbers, financial information, insurance data, and medical information such as condition, diagnosis, medical history, treatment and medical record number.
“This personal information was exfiltrated, or removed, from Broward Health’s systems, however, there is no evidence the information was actually misused by the intruder,” the company said.
Broward Health also told the Maine Attorney General’s Office that the data of roughly 1,358,000 people was impacted in the incident.
The organization says that it has reset passwords of employees, has implemented multi-factor authentication on all systems, and has started implementing “minimum-security requirements for devices that are not managed by Broward Health Information Technology that access our network, which will become effective in January 2022.”
Broward Health also says that it does not have indications that the compromised information might have been misused or used to commit fraud.
Related: Broward Health Hit With Data Breach on Patients, Staff
Related: Saltzer Health Informs Patients of Personal Information Exposure
Related: Utah Medical Group Discloses Data Breach Affecting Over 580,000 Patients
