Broward Health in the United States recently experienced a large-scale data leak that affected 1357879 individuals. Broward Health is a Florida-based medical system that provides a wide range of medical services at more than 30 locations and admits more than 60000 patients to hospitals each year.
The medical system was attacked on Oct. 15, 2021, when an intruder gained unauthorized access to the hospital’s network and patient data. The organization discovered the intrusion four days later, on Oct. 19, and immediately notified FBI and the United States Department of Justice.
In the meantime, all employees were instructed to change their user passwords, and Broward Health contracted with an outside network security expert to help with the investigation.
The survey shows that hackers who invaded the website obtained the patient’s personal medical information, which may include the following contents:
- full name
- date of birth
- Actual address
- Telephone number
- Financial or banking information
- Social Security number
- Insurance information and account number
- Medical information and history
- Condition, treatment and diagnosis
- Driver’s license number
- e-mail address
Broward Health did confirm that hackers had accessed the above data, but pointed out that there was no evidence that the data had been misused. It is worth noting that the intruder was identified as a third-party medical facility that is allowed to enter the system to provide services.
“In response to this incident, Broward Health is taking steps to prevent similar incidents from happening again. These include ongoing investigations, password resets to strengthen security measures across the organisation, and multifactor authentication for all users of the system,” Broward Health said in a disclosure notice to affected patients and employees.
“We have also begun implementing additional minimum security requirements for devices not managed by Broward Health Information Technology that access our network, which will go into effect in January 2022.
Due to the critical nature of the data at risk, the recipient of the notification must be vigilant in all forms of communication. In addition, the medical system offers two-year identity theft detection and protection services through Experian, with detailed information on how to enrol.
This attack shows that the rapid momentum of ransomware attacks shows no signs of slowing down in the new year.
To build a solid mechanism to protect data, we must first have a set of effective technical measures in place. For example, we need to improve our own data security management capabilities, improve the regulatory compliance system in a timely manner, secure important data, and encrypt and protect data and files with reliable solutions.
To get critical data fully prepared against varied threats, Vinchin Backup & Recovery carries out a series of DR solutions applicable in a wide range of scenarios. It supports the world’s most mainstream virtual environments including VMware, XenServer/XCP-ng, Hyper-V, RHV/oVirt, OpenStack, Sangfor HCI, Oracle Linux Virtualization Manager and Huawei FusionCompute (Xen Based). And Vinchin just released Vinchin Backup & Recovery v6.5 with many new capabilities such as Multi-tenant Backup Solution for MSPs, Cross-Platform Recovery (V2V), Database Backup & Recovery, Backup Data Encryption & Backup Storage Protection, etc. Download 60-day FREE trial with full features.