A massive data theft affecting 1,357,879 people has been discovered by the Broward Health public health system. Broward Health is a Florida-based healthcare organization that has over thirty facilities that provide a variety of health services and over 60,000 annual admissions.

On October 15, 2021, the healthcare institution announced a breach in which an attacker got unauthorized entry into the hospital’s system and clinical information. Four days later, on October 19, the organization detected the infiltration and quickly contacted the FBI and the US Department of Justice.

At the same time, all staff was instructed to reset their user credentials, and Broward Health hired a third-party cybersecurity specialist to assist with the investigations. According to an analysis, the malicious hackers were able to gain access to patient’s confidential health information, which might include the following: Full name, Year of birth, Financial or bank details, Physical address, Phone number, Social Security number, Account number, and insurance details, Medical history and information, Diagnosis, treatment, and condition, Driver’s license number, and Email address.

Although Broward Health admits that the above information was stolen by a network intruder, it says that there’s no proof that the malicious hackers used it. The point of entry was identified as a third-party healthcare professional who was given access to the network in order to perform their services.

“In regard to this occurrence, Broward Health is adopting measures to avoid such incidents from happening again,” says the data breach notification to concerned patients and employees. “These measures include an active investigation, a password reset with strengthened security measures across the organization, and the introduction of multifactor authentication for all users of its systems.”

Because of the sensitive nature of the information disclosed, recipients of the alerts must be wary of all kinds of communication. Furthermore, the healthcare system is providing a two-year membership to Experian’s identity fraud detection and prevention services, with information on how to sign up included in the letter.

Forged information is constantly traded in secret dark web forums, so it may be too soon to notice signs of abuse in the wild, however, that doesn’t imply those who have been compromised should relax. These enormous databases are frequently subjected to a time-consuming review procedure in order to select specific high-value targets for social engineering or phishing attacks. As a result, expect a delay in using the stolen information.