Florida’s Broward Health hospital system has notified employees and patients of a data breach that occurred on Oct. 15 and compromised a wide range of personal and medical information.

An attacker gained entry to the Broward Health network via the office of a third-party medical provider that was allowed access to the system to provide healthcare services, officials confirm in a disclosure of the incident. Broward Health detected the attack on Oct. 19 and contained the incident, alerted the FBI and Department of Justice (DoJ), required employees to reset their passwords, and hired an external security firm as part of its investigation, officials wrote.

Now, Broward Health is alerting patients and staff of the incident. Officials noted the DoJ had requested they delay this notification to ensure it doesn’t compromise the law enforcement investigation, which is still ongoing.

So far, analysis has revealed that personal data accessed includes name, birth date, address, phone number, financial or bank account information, Social Security number, insurance information and account number, driver’s license number, and email address, as well as medical data that includes history, condition, treatment and diagnosis, and medical record number.

There is no evidence that personal information has been misused, officials noted.

Read the full disclosure for more information.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Source: www.darkreading.com