Tallahassee Memorial HealthCare (TMH), a community healthcare system in Florida, has announced that an unauthorised person gained access to its computer network and obtained certain files from its systems between 26 January and 2 February.
The data breach compromised the personal and medical information of approximately 20,000 individuals, including names, addresses, birthdates, Social Security numbers, health insurance information, medical record numbers, patient account numbers, and some treatment information related to care received at TMH.
However, the organisation has confirmed that no financial account or payment card information was affected, and TMH’s electronic medical records were not involved in the compromise.
TMH first detected the unusual activity involving its computer systems on 3 February, prompting it to operate under its “IT system downtime protocols” for about two weeks. During this time, TMH used paper documentation instead of electronic health records, diverted some emergency patients to other facilities, and cancelled or postponed nonemergency surgical and outpatient procedures.
The organisation has not yet confirmed whether the incident involved ransomware, but it has worked with law enforcement and state and federal agencies to manage the investigation and recovery from the incident.
This incident is part of a larger trend in 2023: at least six U.S. healthcare systems, with a total of 14 hospitals, have been affected by ransomware, and at least five of those organisations experienced data theft, according to Brett Callow, threat analyst at security firm Emsisoft.
The healthcare industry remains a target for cyber criminals, and it is crucial for healthcare organisations to take necessary measures to protect patient data and ensure continuity of patient care during and after cyber attacks.