TAMPA, FL (FloridaToday.news) – More than a million patients and staff were affected by a data breach at Tampa General Hospital (TGH) earlier this year.
On Wednesday, the hospital announced that hackers had accessed the personal information of 1.2 million people during what it called a “recent cybersecurity event” that lasted 18 days.
The hospital detected unusual activity on May 31, according to a TGH spokesperson. An unauthorized third party gained access to their computer systems to steal various files between May 12 and May 30.
New details emerge after suspect stabbed to death in Tampa shootout
According to TGH, these files could contain “names, addresses, phone numbers, dates of birth, social security numbers, health insurance information, medical record numbers, patient account numbers, service dates, and limited treatment information used by TGH for its business operations.”
The hospital’s electronic medical records system was not implicated in the data breach.
Cybersecurity expert Dr. Thomas Hislip told 8 On Your Side that the situation looks like a ransomware attack that was stopped before it was too late.
“Now it’s the standard,” Hyslip said. “They steal files, encrypt everything, and then blackmail. This way they were able to prevent encryption and didn’t have to pay a ransom to get their files back.”
A TGH spokesperson said the encryption “would have significantly disrupted the hospital’s ability to care for patients,” but their monitoring system and cybersecurity team were able to thwart the attack.
The hospital sends out letters to notify patients and staff affected by the breach. It will provide credit monitoring and identity theft protection services to anyone whose social security numbers have been disclosed.
TGH also urged patients to check the records of their health care providers and insurance companies to ensure they are only being billed for the services they have received.
Highslip said anyone affected by the data breach should keep a close eye on their credit report to check for unusual activity. For added security, they can also call credit bureaus and request a loan freeze, which will prevent new accounts from opening.
The data breach is being investigated by the FBI.