UF Health announces another data breach; nearly 1,000 patients had personal information accessed

by | Aug 31, 2022

  • The University of Florida (UF) Health Shands Hospital announced Wednesday that it experienced a data breach between April and July 2021 
  • 941 patients had medical and personal data compromised, including date of birth, address, and potentially clinical information 
  • The hospital confirmed that social security information was not accessed 
  • UF Health has suffered from a series of data violations since 2021 

Less than a year after suffering a 700,000 patient data violation, The University of Florida (UF) Health Shands Hospital on Wednesday announced another information breach in 941 patients’ medical records between April 27, 2021, and July 21, 2022.

An investigation into the incident determined that certain patient demographic information such as name, date of birth, mailing address, and phone number were breached.

In addition, medical record number, physician’s name, and limited clinical information may have been accessed or viewed. In some instances, the insurance group and subscriber or policy numbers may have also been involved.

The hospital confirmed that the incident did not involve anyone’s Social Security numbers.

“Upon learning of this incident, UF Health Shands immediately began an investigation to assess the information impacted and terminated the employee’s access to all medical records and other information systems,” said the report. “This individual is no longer employed by UF Health Shands.”

UF Health additionally consulted with a data breach recovery expert and established all required and necessary communications to the affected patients and regulatory officials, according to the institution.

All affected patients were notified by mail about this incident, and UF Health Shands states that it has no reason to believe that the information was further used or disclosed.

UF Health’s data breach is the latest attack to target a large-scale Florida hospital. In Oct 2021, an intruder gained entry to the Broward Health network through the office of a third-party medical provider.

Additionally, U.S. Department of Health and Human Services’ Office of Civil Rights registered that in 2021, hackers gained unauthorized access to UF Health’s computer network around May 31, gaining sensitive patient information – including names, addresses, dates of birth, Social Security numbers, health insurance information, medical record numbers and patient account numbers.

The repeating nature of medical data violations in Florida calls into question the level of digital security infrastructure put in place by the state’s largest health facilities.

With such sensitive information as an individual’s social security number, home address, and date of birth, hackers have the ability to steal the identity of patients.

While no legislative action has been discussed to mandate a streamlined, more secure system across all of Florida’s major hospitals, data privacy at large is a chief concern of Gov. Ron DeSantis.


%d bloggers like this: