Patients of Florida’s Pulmonary & Sleep Medicine Center Impacted by Data Breach
The Pulmonary and Sleep Medicine Center of AdventHealth Medical Group has discovered that its systems have been accessed by the hackers, and as a result, they have possibly viewed and/or acquired the PHI (Protected Health Information) of more than 42,000 patients. The AdventHealth Medical Group Pulmonary and Sleep Medicine, previously known as Lake Pulmonary Critical Care, is located at Tavares, Florida.
The attack on the Pulmonary and Sleep Medicine Center that took place in the month of August 2017, resulted in installation of malware. However, the malware infection has not been detected till December 27, 2018, by the AdventHealth officials. It is currently unclear how this malware got installed and why the AdventHealth officials have taken 16 months to detect the malicious software. This is one of the longest breach period (16 months) reported in healthcare sector.
The center has conducted an investigation to find the magnitude of this breach, and also to find out the patients whose Protected Health Information had possibly been accessed. It was revealed in the investigation that the hackers had access to parts of the center's system, in which patients' PHI has been stored. The Protected Health Information that might have been accessed includes the patients' names, addresses, email addresses, birth dates, phone numbers, Social Security numbers, health insurance details, medical histories, and also the details of gender, height, weight and race.
As per the officials, after the detection as well as removal of this malware, AdventHealth has strengthened its processes in order to bolster their auditing as well as system safeguards. Additional security controls has been implemented by AdventHealth to prevent any kind of cyberattacks in the near future. Moroever, AdventHealth will ensure that frequent security audits were conducted in the near future.
The AdventHealth started sending notification emails about the breach to all those patients whose Patient Health Information got compromised on January 25, 2019. There were more than 42,000 patients who have been notified that their health and personal data remained breached for over a year because of the hack. Moreover, the center also has offered complimentary identity theft restoration as well as credit monitoring services from Kroll to all the patients who got affected by the breach for one year.
» SPAMfighter News - 3/12/2019