Over 120,000 patients impacted in Florida hospital data breach

Florida-based healthcare provider, Center for Digestive Health, said that the data security incident it suffered last year compromised the sensitive personal information of more than 120,000 individuals.

 

Headquartered in Orlando, Florida, the healthcare institution, also known as Gastroenterology Associates of Central Florida, focuses on disorders related to the digestive system, including both short-term conditions and chronic, lifelong diseases.

 

In a data security incident notice filed with the Office of Maine Attorney General, Center for Digestive Health said that on April 11, 2024, it detected suspicious activities in its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure their affected network and notified relevant law enforcement authorities about the cyber security incident.

 

“As a result of the investigation, the Clinic learned that an unauthorised actor accessed and acquired certain files and data stored within our network, as has occurred in many other businesses, banks, and large corporations in America,” reads the notice.

 

The compromised data included names, Social Security numbers, dates of birth, and health information. CDH said in its filing with the Maine state regulator that at least 122,437 individuals were impacted by the incident.

“Upon detecting this incident, we deployed additional monitoring tools and will continue to enhance the security of our systems,” the hospital added.

 

While Center for Digestive Health found no evidence of the compromised information being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.

 

In May, the BianLian Ransomware group claimed responsibility for the cyber attack on the healthcare provider and listed it as a victim on its data leak site. Following a failed negotiation in June, the group allegedly leaked 2.2 terabytes of data it sole from the healthcare company’s systems.