Florida Hospital utilizes three websites that were attacked by malware. Due to the malware attack, it is very likely that the threat actors accessed the patients’ protected health information (PHI). However, there’s no verified report that indicates PHI was accessed or misused. Florida Hospital has notified the patients that were impacted by the breach. As a precautionary measure, the hospital provided patients with free credit monitoring services. The three websites attacked by malware are FHOrthoInstitute.com, FHExecutiveHealth.com and FloridaBariatric.com.
As per Florida Hospital, only limited information was potentially affected by the breach and financial data of patients was not included. The information potentially accessed by the attackers include the names of patients, birth dates, email addresses, phone numbers, insurance carriers, last four numbers of Social Security numbers, patients’ weight and height as well as any responses submitted to the sites. The malware attack only affected the three websites. All other systems of Florida Hospital are safe.
There are no details available yet concerning the type of malware that attacked the websites. It’s not known how long the malware had been infecting the websites prior to detection. Florida Hospital had released a statement to the press regarding the malware attack and mentioned that they have taken the three websites offline to remove the malware and clean the system.
Florida Hospital did not report the breach incident to the Department of Health and Human Services’ Office for Civil Rights yet and patients are not yet notified. When the exact number of affected patients is known, each will receive notification letters by mail regarding the potential PHI exposure and what can be done to mitigate risks. Florida Hospital is doing the important measures to secure its online networks and fix all vulnerabilities to avoid similar security breaches from happening again.