- Tampa General Hospital (TGH) disclosed on Thursday a cybersecurity breach experienced between May 12 and May 30, where an unauthorized third party accessed the hospital’s network and obtained sensitive patient files.
- The breach affected 1.2 million patients, with compromised patient information including names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, and medical record numbers.
- The breach has been reported to the FBI for investigation.
Tampa General Hospital (TGH) announced on Thursday that it suffered from a cybersecurity breach between May 12 and May 30, disclosing that an unauthorized third party accessed TGH’s network and obtained patient information.
The hospital states that it first detected irregular activity on May 31 and subsequently contracted a third-party forensic agency to investigate the matter. The hack affected 1.2 million patients and involved varying forms of patient information such as names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, and medical record numbers.
Because TGH was able to prevent encryption, the facility’s operational capabilities were unaffected. Hospital officials will mail notification letters to individuals whose information may have been involved in this event and will provide individuals whose Social Security number was involved with complimentary credit monitoring and identity theft protection services. TGH has also reported the event to the FBI and provided information to support its investigation. Attempts to contact TGH personnel went unanswered.
“On May 31, 2023, through our proactive monitoring tools, TGH detected unusual activity on our computer systems. We immediately took steps to contain the activity and began an investigation with the assistance of a third-party forensic firm,” said TGH in a statement. “However, the investigation determined that an unauthorized third party accessed TGH’s network and obtained certain files from its systems between May 12 and May 30, 2023.”
TGH is the latest hospital system to report potential ransomware events. Last week, HCA Healthcare, which has 46 hospitals in Florida, reported that approximately 11 million individuals nationwide may have had their personal information compromised by an identified data leak. The breach spanned all 46 HCA hospitals within Florida and extends to more than 150 clinics, including MdNow centers owned by the provider.
Similarly, the U.S. Department of Health and Human Services (HHS) officially launched an investigation into a suspected ransomware attack against Tallahassee Memorial Healthcare (TMH). Per the hospital, the breach potentially compromised the personal data of more than 20,000 individuals.
According to the HHS breach database, the agency commenced a formal inquiry on March 31st, classifying the event as a hack or IT compromise. TMH disclosed that potentially exposed data could include names, addresses, dates of birth, Social Security numbers, health insurance information, medical record numbers, patient account numbers, and treatment details.
In a statement, TMH conveyed that it initiated the process of notifying affected patients by mail regarding the potential compromise of their information. Notably, TMH asserted that no financial account or payment card information was implicated in the attack, and TMH’s electronic medical records remained unaffected.