TAMPA, Florida (FloridaToday.news) — A cyberattack on Tampa General Hospital went undetected for 18 days but was stopped before the data could be encrypted for ransom.
TGH reports that up to 1.2 million people may have been compromised.
“TGH reported this event to the FBI and provided information to support the investigation of the guilty criminal group,” the hospital said in a statement. “TGH reviewed the relevant file and determined that some patient information was included. The information varied by individual, but included names, addresses, phone numbers, dates of birth, social security numbers, health insurance information, medical record numbers, patient account numbers, service dates, and/or limited treatment information used by TGH for its business operations. The TGH electronic health record system was not used or used.
Retired U.S. Navy Admiral Mark Montgomery is a cybersecurity expert who advises the U.S. government on these issues. He is also the CEO of the Cyberspace Solarium Commission.
Montgomery said the attack is part of a growing trend of attacks on health care providers in the US.
“Hospitals and clinics are among the most vulnerable and weakly protected, a kind of Achilles heel of our national infrastructure as a whole,” he said.
TGH stated that their technology team was able to stop the attack before their data was encrypted and held for ransom.
Montgomery said he was lucky that the attack was stopped.
“Obviously if they could encrypt it and get the ransomware, it would have an impact on the infection rate in medical clinics and hospitals,” he said.
However, the attack took place 18 days before it was discovered and allowed cybercriminals to copy valuable information.
“Health insurance information is literally worth 50 to 100 times more than your credit card information on the dark web,” Montgomery said.
He said that anyone who is notified that their data was part of an attack should sign up for any free credit monitoring services offered.