42,000 Patients Impacted by 16-Month Malware Attack on Florida Pulmonary & Sleep Medicine Center

The AdventHealth Medical Group Pulmonary & Sleep Medicine in Tavares, Florida, previously called Lake Pulmonary Critical Care, has discovered hackers have accessed its systems and potentially viewed or acquired the protected health information (PHI) of approximately 42,161 patients.

The attack on Pulmonary & Sleep Medicine Center happened in August 2017 and resulted in the installation of malware. The malware infection was identified on December 27, 2018. It is currently uncertain how the malware was installed.

An investigation was conducted to find out the magnitude of the breach and the patients whose PHI had potentially been accessed. The investigation revealed the hackers had accessed parts of the center’s system that contained patients’ PHI. The PHI that may have been accessed included patients’ names, email addresses, addresses, phone numbers, birth dates, medical histories, health insurance details, Social Security numbers, and details of race, gender, height, and weight.

Following the detection and removal of the malware, AdventHealth implemented additional security controls to prevent cyberattacks from succeeding in the future and system audits will be conducted more frequently in the future.

On January 25, 2019, AdventHealth began mailing breach notification letters to the patients whose PHI was compromised. The center has offered all affected patients complimentary credit monitoring and identity theft restoration services from Kroll for one year. Patients have been advised to review their explanation of benefits statements from their insurance companies for any indications of misuse of their insurance details.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/