Broward Health Data Breach: Data of 1.3Mn Patients Ends Up in Wrong Hands!

Colonial Pipeline ransomware attack in May 2021 shed the limelight on the disastrous and far-reaching effects of cyberattacks on critical infrastructure. JBS, Kaseya, Kronos, and a list of other high-profile cyber incidents have garnered the attention of America for all the wrong reasons.

Though these notorious cyberattacks have prompted the US Government to herald several cybersecurity initiatives, relatively less attention has been paid to potential cyber risks in the healthcare sector. As of now, the healthcare organizations in the US remain a lucrative and vulnerable target for cybercriminals.

The Broward Health is the latest addition to the list of healthcare organizations that fell victim to cybercriminals.

The Florida-based healthcare system recently announced that it suffered a large-scale data breach that impacted around 1.3 million people.

Also Read: Crypto Firm ONUS Suffers Data Breach, Data of 2 Mn Customers Put for Sale!

According to Broward Health, a malicious actor gained illegitimate access to the hospital’s network and exfiltrated patient data.

The primary investigation revealed that the perpetrator pilfered the medical information of 1,357,879 patients. The stolen patent’s data included full names, dates of birth, phone numbers, addresses, bank info, social security number, insurance info, medical information and history, driver’s license number, and email addresses.

Healthcare Security

However, according to Broward Health, there is no evidence that the attacker exploited the pilfered data.

“The personal information was exfiltrated, or removed, from Broward Health’s systems, however, there is no evidence the information was actually misused by the intruder,” said the hospital in the notification of the breach.

As unlawfully obtained data is often put for sale on dark web forums, it is too early to conclude that there are no signs of data abuse in the wild. These massive amounts of stolen data often go through a time-consuming evaluation process to target specific high-value people for social engineering or phishing attacks. Therefore, a delay in exploiting the stolen data can be expected.

Also Read: RIPTA’s Massive Hack Raises Many Questions

Anyways, the exposed patients shouldn’t be complacent about their data privacy and security.

The investigation revealed that the intrusion point of the incident was a third-party medical provider who had access to the hospital’s network.

Upon discovering the breach, Broward Health immediately notified the FBI and the US Department of Justice. The healthcare provider also roped in a third-party cyber expert to investigate the incident. Moreover, the hospital directed all its employees to update their user passwords.

“In response to this incident, Broward Health is taking steps to prevent recurrence of similar incidents, which include the ongoing investigation, a password reset with enhanced security measures across the enterprise, and the implementation of multifactor authentication for all users of its systems,” notified the hospital to affected patients and employees.

“We have also begun implementation of additional minimum-security requirements for devices that are not managed by Broward Health Information Technology that access our network, which will become effective in January 2022.”

Also Read: Azure App Service’s Security Flaw ‘NotLegit’ Exposes Source Repository!

In addition, Broward Health has said that it would compensate the affected people with identity theft detection and protection services.

“To help protect your identity, we are offering a complimentary two-year membership of Experian’s IdentityWorksSM. This product provides you with superior identity detection and resolution of identity theft,” said Broward Health.

Contact Us

More New Articles: