Phishing Attack on Orlando Family Physicians Group Impacts 8,400 Patients

Family Physicians Group in Orlando has informed 8,400 patients that a phishing attack has allowed hackers to access the protected health information (PHI) of around 8,400 patients.

Family Physicians Group is a large healthcare provider that offers healthcare services for Medicare and Medicaid beneficiaries residing in Central Florida and operates 22 clinics in the region.

The investigation of the phishing attack revealed that access to an employee’s email account was obtained by the hacker on August 7, 2018. It is very likely that the unauthorized individual accessed the account until August 21, 2018, when Family Physicians Group discovered the breach and changed the login details. The hacker had acquired the login details as a result of the employee responding to a phishing email message.

When the email messages contained in the compromised account were examined, the investigators found that the PHI of patients was included in some messages. The messages did not contain any financial data or Social Security numbers, only names, birth dates, names of physicians, and health insurance plan information was potentially viewed.

While the theft of patient data was possible, no reports of misuse of patient information have been received by Family Physicians Group. As a security measure, employees’ email passwords have been reset and additional protection measures have been put in place to strengthen its defenses against phishing attacks.

Family Physicians Group sent breach notifications to the affected patients on December 28, 2018. The breached entity did not give any reason for the delay in issuing notifications to patients. HIPAA requires patients to be notified about a breach within 60 days of discovery.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: