Florida Hospital uses three websites that had been infected with malware. Because of the malware attack, the threat actors potentially had access to the protected health information (PHI) of patients. There is no confirmed report that suggests any PHI access or misuse of PHI. Florida Hospital has informed patients of the breach. Out of an abundance of caution, the hospital offered patients complimentary credit monitoring services. The three websites that were attacked by malware are FHExecutiveHealth.com, FloridaBariatric.com and FHOrthoInstitute.com.
According to Florida hospital, there was limited data potentially compromised and no financial information was included. The following information were potentially obtained by the attackers: the patients’ names, dates of birth, phone numbers, email addresses, insurance carriers, last four digits of Social Security numbers, patients’ height and weight and any comments uploaded via the sites. Only the three websites were infected with the malware and all other systems are safe.
There is no information regarding the type of malware that infected the websites nor the length of time the malware had been on the websites before detection. Florida Hospital already made a press released statement regarding the malware infection and stated that the three websites were taken offline for malware removal and sanitation.
Florida Hospital has not yet reported the incident to the Department of Health and Human Services’ Office for Civil Rights. Hence, there is no exact number of impacted patients yet. All patients who were impacted by the breach will receive notification letters by mail in the event that their PHI is believed to have been compromised. The hospital is doing all the necessary steps to improve its online networks and address all vulnerabilities so that similar security breaches will be prevented.