by Thomas Dworetzky, Contributing Reporter | January 05, 2022
On October 15, 2021, the Broward Health network was hacked via “the office of a third-party medical provider permitted to access the system to provide healthcare services,” the organization said in a statement released January 3, 2022.
It also stated that the announcement of the breach was delayed because “the DOJ requested that Broward Health briefly delay this notification to ensure that the notification does not compromise the ongoing law enforcement investigation.”
Broward spotted the intrusion on October 19, 2021, and contained it at that time; the FBI and DOJ were notified at that point.
Security precautions were put in place that included a password reset for all employees, the hiring of a cybersecurity firm for an investigation, and the onboarding of a data-review specialist to assess the extent of the information theft.
Research revealed that thieves gained access to — and stole — personal medical information including name, date of birth, address, phone number, financial or bank account information, Social Security number, insurance information and account number, medical information including history, condition, treatment and diagnosis, medical record number, driver’s license number, and email address.
Broward did not address the number of people impacted in its release, but in a filing with the Maine attorney general's office, the organization put the total at 1,357,879.
Stating that it “takes the protection of personal and medical information on its network very seriously,” the organization advised that various steps have been taken to prevent a similar attack from taking place. Some of these include the implementation of multifactor authentication for all users of its systems and beefed-up security requirements for devices not managed directly by Broward's IT department that need access to its network.
To date, no misuse of the stolen data has been uncovered, but Broward advised those impacted that it would provide a complimentary two-year membership of Experian’s IdentityWorks, and that they should monitor accounts for unauthorized activities.
Medical facilities have become frequent cybercrime targets. On December 17, Capital Region Medical Center was hit by a brutal cyberattack.
"While our information security team is working diligently to bring our systems back online as quickly, and securely, as possible, nothing is more important to us than the health and safety of our patients and continuing to provide the care our patients expect," Lindsay Huhman, CRMC director of marketing and communications, stated at the time.