Tampa General Hospital (TGH) has revealed a data breach that may have affected the information of approximately 1.2 million patients.
Writing in a notice on its website last week, TGH said it first detected unusual activity on its computer systems on May 31 2023.
The hospital also explained that the cyber-criminals’ encryption attempts were foiled thanks to its vigilant monitoring systems and skilled technology professionals, preventing a severe disruption in patient care.
However, during the investigation, it was confirmed that unauthorized access had occurred between May 12 and May 30 2023, resulting in the extraction of specific files containing sensitive patient data.
“Cyber threat actors do not typically use sophisticated hacking tools and techniques like zero-day exploits to gain access to a network; most often, they simply log in with legitimate user credentials gleaned from previous data breaches,” said Al Martinek, customer threat analyst at Horizon3.ai.
“Once they gain initial access, they appear as legitimate users and can move laterally within a network to gain further access and establish persistence, steal sensitive data, bring down systems, and/or hold the organization hostage through ransomware.”
Read more on similar attacks: Ransomware Attack Against Barcelona Hospital Disrupts Operations
TGH said the compromised information varied by individual and included names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance details, medical record numbers, patient account numbers, dates of service and limited treatment information used for business operations.
“This breach exposes patients to the risk of identity theft and financial fraud and undermines patients’ trust and confidence in the hospital’s commitment to data security,” commented Dasera CEO, Ani Chaudhuri.
“In light of this breach, all affected individuals should protect themselves immediately. Monitoring financial accounts closely, reviewing credit reports regularly, and remaining vigilant for any suspicious activity is crucial.”
The hospital clarified that its electronic medical record system remained untouched and secure throughout the incident.
Tampa General Hospital has reported the breach to the FBI, cooperating to aid in identifying the perpetrators behind this cyber-attack.
The attack on TGH comes weeks after a report by the European Union Agency for Cybersecurity (ENISA) unveiled on July 7 that ransomware makes up over half of all cyber-threats targeting the health sector in the EU.