Tampa General Hospital this week started informing patients that their personal information was compromised in a ransomware attack that has impacted approximately 1.2 million individuals.
In an incident notice on its website, the Tampa-based medical center announced that the attack was discovered on May 31, when its monitoring tools detected unusual activity on internal systems.
The healthcare services provider immediately activated its incident response plan and was able to contain the attack before any file-encrypting ransomware was executed.
“TGH’s monitoring systems and experienced technology professionals effectively prevented encryption, which would have significantly interrupted the hospital’s ability to provide care for patients,” the medical center announced.
The investigation into the attack revealed that the threat actors had access to the hospital’s systems for roughly three weeks, between May 18 and May 30.
During this time, the attackers accessed files containing patient information, including names, addresses, birth dates, phone numbers, Social Security numbers, health insurance details, medical record and patient account numbers, and some treatment information.
“TGH’s electronic medical record system was not involved or accessed,” the hospital says.
The company says it will send notification letters to those impacted and told SecurityWeek that the attackers stole the data of roughly 1.2 million individuals.
The hospital may face a class action suit following the cyberattack.
“Attorneys working with ClassAction.org are now looking into the security incident and whether a class action lawsuit can be filed on behalf of affected individuals,” ClassAction.org announced.
*updated with confirmation that 1.2 million individuals were impacted.