Broward Health Notification of Data Incident Involving Personal Medical Information
At Broward Health, protecting the personal and medical information of our patients is one of our top priorities.
We are providing notice of a data incident that may affect the security of some information relating to a segment of our employee and patient population. Although we have no evidence that your personal information has been misused, we are providing information to make you aware of the security incident so that you may take any necessary precautions. We have provided individual notifications for potentially impacted parties but are providing this notice for anyone for whom we do not have a current mailing address. If you have any additional questions, please call 855-862-8553, Monday through Friday 9am – 11pm EST, or Saturday and Sunday 11am-8pm EST. Be prepared to provide your engagement number B023090.
What Happened? On October 15, 2021, an intruder gained entry to the Broward Health network through the office of a third-party medical provider permitted to access the system to provide healthcare services. Broward Health discovered the intrusion on October 19, 2021, and promptly contained the incident, notified the FBI and the Department of Justice (DOJ), required a password reset for all employees and engaged an independent cybersecurity firm to conduct an investigation. Broward Health also engaged an experienced data review specialist to conduct an extensive analysis of the data to determine what was impacted, which determined some patient and employee personal information may have been impacted. The DOJ requested the Broward Health briefly delay this notification to ensure that the notification does not compromise the ongoing law enforcement investigation.
What Information Was Involved? The personal medical information accessed included name, date of birth, address, phone number, financial or bank account information, Social Security number, insurance information and account number, medical information including history, condition, treatment and diagnosis, medical record number, driver’s license number and email address. This personal information was exfiltrated (removed from Broward Health’s systems), however, there is no evidence the information was actually misused.
How did Broward Health Respond? Broward Health takes the protection of personal and medical information on its network very seriously. We regularly review our systems as well as our privacy and security practices to enhance those protections. In response to this intrusion, Broward Health is taking steps to prevent recurrence of similar incidents, which include the ongoing investigation, a password reset with enhanced security measures across the enterprise, and the implementation of multifactor authentication for all users of its systems. Broward Health has also begun implementation of additional minimum-security requirements for devices not managed by Broward Health Information Technology (IT) with access to its network, which will become effective in January 2022.
To help protect your identity, Broward Health is offering a complimentary two-year membership of Experian’s® IdentityWorksSM. This product provides users with superior identity detection and resolution of identity theft.
What Can Impacted Individuals Do? Although there is no evidence that employee or patient information has been misused, Broward Health is making everyone aware of resources to help safeguard your personal information. While Broward Health has no indication that your personal information has been used to commit fraud, we recommend that you consider steps to protect yourself from medical identity theft. Medical identity theft occurs when someone uses an individual’s name, and sometimes other identifying information, without the individual’s knowledge to obtain medical services or products, or to fraudulently bill for medical services that have not been provided. We suggest that you regularly review the explanation of benefits statements that you receive from your health plan. If you see any service that you did not receive, contact the health plan at the number on the statement.
We also recommend that you monitor your financial accounts and if you see any unauthorized activity, promptly contact your financial institution. You may also want to consider obtaining a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting www.annualcreditreport.com, calling 1-877-322-8228, or by completing an Annual Credit Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You can print a copy of the request form at www.annualcreditreport.com/manualRequestForm.action.
Alternatively, you may elect to purchase a copy of your credit report by contacting one of the three national credit reporting agencies listed below:
P.O. Box 740241
Atlanta, GA 30374
P.O. Box 2002
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016
You may also choose to contact the three national credit reporting agencies listed above for information about placing a “fraud alert” and/or a “security freeze” on your credit report to further detect any possible misuse of your personal information. Contact the Federal Trade Commission for additional information about “fraud alerts” and “security freezes,” and about how to monitor and protect your credit and finances.
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, D.C. 20580