Aerial Photo Broward Health Medical Center Fort Lauderdale FL
Cyber Breach HIPAA News & Events

Broward Health Data Breach Impacts over 1.3 Million Patients and Staff Members

Marty Tatro
by January 5, 2022

Introduction:

Since January 1 of 2021, the Department of Health and Human Services has reported at least 690 healthcare-related data breaches on their website. One that has yet to show up in their database is Broward Health in Florida. Over the weekend, that organization notified more than 1.3 million individuals that it had experienced a data breach that started the previous October. This particular breach involved the health information of patients and the personal information of employees. 

What happened:

On or about October 19, 2021, Broward Health discovered that a hacker had breached their network via a third-party medical provider (not listed at this time). The breach occurred on October 15, 2021, based on evidence found at the time. Their investigation revealed that the hacker exfiltrated personal data from the network.

Types of data impacted:

During the breach, the hacker(s) stole; Social Security numbers, addresses, healthcare information related to patient’s care, and financial information. The thieves also pilfered information about the employees of Broward Health. 

What can the hacker(s) do with this data?

There is no limit to what an attacker can do with patient healthcare records. Threat actors can leverage data of various types to accomplish multiple goals. The combination of information types exposed here allows a lot of latitude for a threat actor. 

For instance, the perpetrator can conduct various types of fraud related to medical care. A fraudster may order fake prescriptions, medical devices, or sensors and sell them. They may attempt to garner more information from the patients or their providers. 

In another scenario, bad actors create financial accounts in the victim’s name to start loans, purchase products, or even apply for credit cards. 

Likely, some or all of these events have already taken place. Customers and employees of Broward Health and its associates are possibly already affected beyond the damage caused by the breach.

Northstarr Recommendations:

HIPAA regulation requires that healthcare providers and their business associates implement and maintain appropriate security measures to protect their customer’s data and privacy. We believe that access controls, network monitoring, and multi-factor authentication measures could have reduced or eliminated this particular breach. 

Northstarr professionals are available to help you protect your organization from events such as the Broward Health hospital system experienced and deal with breaches if they occur.