Tampa General Hospital (TGH) has revealed a data breach that may have affected the information of approximately 1.2 million patients.
In a notice on its website last week, TGH said it first detected unusual activity on its computer systems on May 31, 2023.
The hospital also said its careful monitoring system and skilled technical experts thwarted the cybercriminals’ encryption attempts and prevented serious disruption of patient care.
However, during the course of the investigation, it was confirmed that unauthorized access occurred between May 12th and May 30th, 2023, resulting in the extraction of certain files containing sensitive patient data.
“Cyber attackers typically do not use sophisticated hacking tools and techniques like zero-day exploits to gain access to networks. In most cases, they simply log in using legitimate user credentials gleaned from previous data breaches,” said Al Martinek, Customer Threat Analyst at Horizon3.ai.
“Once they gain initial access, they appear to be legitimate users and can move laterally through the network to gain further access and establish persistence, steal sensitive data, bring down systems, and hold organizations hostage with ransomware.”
Read more about a similar attack: Ransomware attack on Barcelona hospital disrupts operations
According to TGH, the leaked information was individualized and included names, addresses, phone numbers, dates of birth, social security numbers, health insurance details, medical record numbers, patient account numbers, medical treatment dates, and limited treatment information used in business.
“This breach exposes patients to the risk of identity theft and financial fraud, and undermines patient confidence in the hospital’s commitment to data security.” Dasera CEO Ani Chaudhuri.
“In light of this breach, all affected individuals should immediately protect themselves. It is important to closely monitor financial accounts, check credit reports regularly, and remain vigilant for suspicious activity.”
The hospital said its electronic medical record system remained intact and secure throughout the incident.
Tampa General Hospital has reported this breach to the FBI and is working with them to identify the perpetrators behind this cyberattack.
The attack on TGH comes just weeks after the European Union Cyber Security Agency (ENISA) announced in a July 7 report that more than half of all cyberthreats targeting the EU healthcare sector are ransomware.
