A healthcare institution in Florida known as Broward Health revealed a massive data breach in its system that affected over 1.3 million individuals. Broward Health covers over 30 locations that offer various medical services and admits 60,000 patients annually.
The healthcare institution revealed a cyberattack incident in October of last year when an infiltrator acquired unauthorised access to the institution’s network and patient information. The breach was discovered four days later, and the institution instantly reached out to the FBI and the US DOJ to seek assistance.
Additionally, all workers inside the healthcare institution were advised to change their passwords. They also sought the help of a third-party cybersecurity expert to aid them with the investigations.
After numerous investigations, the experts revealed that a group of malicious threat actors obtained patient medical information and history. Some notable credentials that got compromised from the data breach are full names, birthdays, addresses, mobile numbers, bank information, social security numbers, insurance information, medical history, driver’s license numbers, and email addresses.
Unfortunately, the most vulnerable information accessed by the threat actors is the patients’ illness, medical condition, treatment, and diagnosis records.
Although the healthcare institution confirmed that the threat actors had stolen the earlier data, they noted that there is no proof that the infiltrators used it for immoral purposes.
Furthermore, the access point of the threat actors was said to be a third-party healthcare provider who was permitted entrance to the system to execute their provisions.
Since the exposed data is critical, affected individuals should remain wary against most forms of communication because they will be prone to possible phishing attempts. Fortunately, Broward offers free membership to identity theft detection and protection services effective for two years.
Exfiltrated information is often exchanged privately on dark web forums and black markets. Hence, it is too early to assume that the threat actors did not use the stolen data for malicious purposes.
Massive data breaches always take a long time before threat actors can target any high-profile targets since they will carefully pick worthy victims among the 1.3 million affected individuals.