Florida patients among victims of spate of data hacking
TAMPA — A criminal group now being pursued by the FBI had access to Tampa General Hospital’s computer system for three weeks.
Its attempt to encrypt and ransom the hospital’s data — which could have significantly impeded care of patients — was thwarted by internal security measures. Nonetheless, hackers were still able to download personal data on 1.2 million patients.
The crime is among a spate of recent data breaches affecting Florida patients. HCA Healthcare in July reported that an unauthorized user stole data on about 11 million patients in 20 states, including Florida, and posted it on an online forum. And this week, Johns Hopkins Health System, which runs All Children’s Hospital in St. Petersburg, reported the theft of personal information on 310,000 patients, including almost 10,000 from Florida.
Nationwide, more than 50 million patient records were compromised in 2022, according to analysis by cybersecurity firm Critical Insight. The records of more than 3.4 million Florida patient have been compromised this year and 36 data breaches are still under investigation, according to the Department of Health and Human Services, suggesting that health care firms will continue to remain a favorite target of hackers.
The health care sector is perceived as being more vulnerable than those in the finance, defense or aerospace sectors, said Joe Partlow, chief technology officer at ReliaQuest, a firm that provides computer security guidance to banks, utility companies and health care providers among others. Finance firms tend to invest more in security measures, in part because of regulations, he said. Health data also typically includes Social Security numbers and insurance details prized by hackers.
”They are a good target,” he said. “They know it’s a good trove of personal data.”
The damage is not just to patient confidentiality. The average cost of a health care breach rose to $11 million this year, a 53% increase since 2020, according to an IBM report.
Phishing emails that entice employees to enter log-ons and passwords are still the primary means used by hackers to gain access to computer systems, Partlow said.
Once they have broken in, one tactic is…
