Social Security numbers, patient medical history and bank account information are among the data that have been exposed in the breach of Broward Health, a network of over 30 health care facilities serving patients across roughly 2 million-person Broward County, Florida, according to a notice the health care provider filed with the Office of the Maine Attorney General.
About 470 of the data breach victims live in Maine. Like other states, Maine law requires organizations that hold state residents’ personal data to file a disclosure when they’ve been hacked.
In the case of Broward Health, there is no indication that the unidentified hackers had any impact on patient care and medical devices. It was also not clear if the incident involved ransomware.
Spokespeople for Broward Health did not immediately respond to phone calls and emails seeking comment on who was responsible for the breach and whether it involved ransomware. Mark Krotoski, who is listed as an attorney for Broward Health in the breach notice, did not immediately respond to a request for comment.
The intruders accessed Broward Health’s computer networks via a “third-party medical provider,” according to the breach notice, an incident that highlights the exposure that hospitals and other organizations have to hackers via their supply chains.
“This personal information was exfiltrated, or removed, from Broward Health’s systems, however, there is no evidence the information was actually misused by the intruder,” the breach notice says.