Broward Health Notifies Patients and Staff of Oct. 15 Data Breach

Jan. 4, 2022

On Jan. 1, Broward Health issued a statement to its patients and staff that a bad actor gained entry to the network through the office of a third-party vendor—the DOJ requested Broward Health delay notification due to the ongoing investigation

Janette Wider

Florida-based Broward Health announced over the weekend that it had notified patients and staff that their personal information was subject to a data breach that began on Oct. 15.

Broward Health issued a statement on Saturday, Jan. 1 stating that “On October 15, 2021, an intruder gained entry to the Broward Health network through the office of a third-party medical provider permitted to access the system to provide healthcare services. Broward Health discovered the intrusion on October 19, 2021, and promptly contained the incident, notified the FBI and the Department of Justice (DOJ), required a password reset for all employees and engaged an independent cybersecurity firm to conduct an investigation. Broward Health also engaged an experienced data review specialist to conduct an extensive analysis of the data to determine what was impacted, which determined some patient and employee personal information may have been impacted. The DOJ requested the Broward Health briefly delay this notification to ensure that the notification does not compromise the ongoing law enforcement investigation.”

That said, “The personal medical information accessed included name, date of birth, address, phone number, financial or bank account information, Social Security number, insurance information and account number, medical information including history, condition, treatment and diagnosis, medical record number, driver’s license number and email address. This personal information was exfiltrated (removed from Broward Health’s systems), however, there is no evidence the information was actually misused.”

The statement from Broward Health does not include how many individuals were impacted. As of the time this article was published it had not yet posted the breach to the Office for Civil Rights (OCR) data breach portal. Yet, according to the office of the Maine attorney general, 1,357,879 individuals were involved in the breach.

The statement from Broward Health suggests those impacted by the breach take steps to protect themselves from medical identify theft. “Medical identity theft occurs when someone uses an individual’s name, and sometimes other identifying information, without the individual’s knowledge to obtain medical services or products, or to fraudulently bill for medical services that have not been provided,” the statement says. “We suggest that you regularly review the explanation of benefits statements that you receive from your health plan. If you see any service that you did not receive, contact the health plan at the number on the statement.”

Finally, the statement recommends that those individuals affected by the breach monitor their financial accounts and contact their financial institution if they see any unauthorized activity. Additionally, Broward Health advises obtaining a free copy of their credit report from the three major credit reporting agencies every 12 months.