The HIPAA Guide - Celebrating 15 Years Online

Malware Attack on Florida Hospital Websites Potentially Exposed Patients’ PHI

May 24, 2018HIPAA Breaches, Violations, and Fines0

Florida Hospital utilizes three websites that were attacked by malware. Due to the malware attack, it is very likely that the threat actors accessed the patients’ protected health information (PHI). However, there’s no verified report that indicates PHI was accessed or misused. Florida Hospital has notified the patients that were impacted by the breach. As a precautionary measure, the hospital provided patients with free credit monitoring services. The three websites attacked by malware are FHOrthoInstitute.com, FHExecutiveHealth.com and FloridaBariatric.com.

As per Florida Hospital, only limited information was potentially affected by the breach and financial data of patients was not included. The information potentially accessed by the attackers include the names of patients, birth dates, email addresses, phone numbers, insurance carriers, last four numbers of Social Security numbers, patients’ weight and height as well as any responses submitted to the sites. The malware attack only affected the three websites. All other systems of Florida Hospital are safe.

There are no details available yet concerning the type of malware that attacked the websites. It’s not known how long the malware had been infecting the websites prior to detection. Florida Hospital had released a statement to the press regarding the malware attack and mentioned that they have taken the three websites offline to remove the malware and clean the system.

Florida Hospital did not report the breach incident to the Department of Health and Human Services’ Office for Civil Rights yet and patients are not yet notified. When the exact number of affected patients is known, each will receive notification letters by mail regarding the potential PHI exposure and what can be done to mitigate risks. Florida Hospital is doing the important measures to secure its online networks and fix all vulnerabilities to avoid similar security breaches from happening again.

 

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/

Copyright © 2007-2023 The HIPAA Guide       Site Map      Privacy Policy       About The HIPAA Guide