Hackers breached Florida health care system, potentially exposing data on 1.3 million people

CNN/Stylemagazine.com Newswire | 1/4/2022, 12:48 p.m.
Hackers breached the computer networks of a southeast Florida health care system in October and may have accessed sensitive personal …
Social Security numbers, patient medical history and bank account information are among the data that have been exposed in the breach of Broward Health, a network of over 30 health care facilities serving patients across roughly 2 million-person Broward County, Florida. Mandatory Credit: Shutterstock

Originally Published: 04 JAN 22 10:51 ET

By Sean Lyngaas, CNN

(CNN) -- Hackers breached the computer networks of a southeast Florida health care system in October and may have accessed sensitive personal and financial information on over 1.3 million people, the health care system announced this week.

Social Security numbers, patient medical history and bank account information are among the data that have been exposed in the breach of Broward Health, a network of over 30 health care facilities serving patients across roughly 2 million-person Broward County, Florida, according to a notice the health care provider filed with the Office of the Maine Attorney General.

About 470 of the data breach victims live in Maine. Like other states, Maine law requires organizations that hold state residents' personal data to file a disclosure when they've been hacked.

It is just one of numerous cyber incidents that have rattled the health sector during the pandemic, as cybercriminals have not let up in stealing data from hospitals and trying to profit from it. A ransomware attack on the Los Angeles chapter of Planned Parenthood in October compromised the personal information of about 400,000 patients.

In the case of Broward Health, there is no indication that the unidentified hackers had any impact on patient care and medical devices. It was also not clear if the incident involved ransomware.

Spokespeople for Broward Health did not immediately respond to phone calls and emails seeking comment on who was responsible for the breach and whether it involved ransomware. Mark Krotoski, who is listed as an attorney for Broward Health in the breach notice, did not immediately respond to a request for comment.

The intruders accessed Broward Health's computer networks via a "third-party medical provider," according to the breach notice, an incident that highlights the exposure that hospitals and other organizations have to hackers via their supply chains.

"This personal information was exfiltrated, or removed, from Broward Health's systems, however, there is no evidence the information was actually misused by the intruder," the breach notice says.