Healthcare services provider Florida Community Health Centers (FCHC) is notifying close to 300,000 individuals that their personal and health information was compromised in a June 2023 ransomware attack.
Discovered on June 13, 2023, the incident resulted in the information of current and former patients being compromised, FCHC told the affected individuals in a notification letter sent via mail, a copy of which was submitted to the Maine Attorney General’s Office.
While the supplemental notification letter does not detail the type of information that might have been compromised, FCHC notes on its website that it typically collects names, addresses, phone numbers, Social Security numbers, financial information, health information, medical information, driver’s license numbers, and other types of sensitive information.
FCHC says it has not received any reports of identity theft related to the incident, but is providing the impacted individuals with 12 months of complimentary credit monitoring and identity theft protection services.
The healthcare services provider has informed the Maine AGO that 296,635 individuals were affected by the data breach and that it started mailing the notification letters on July 1.
The reason it took so long to disclose the data breach, FCHC said, was that it conducted multiple investigations into the incident. While the initial investigation did not identify enough evidence, a second forensics investigation determined in October 2023 that specific access controls within its network were bypassed.
“Based upon the results of the forensic investigation and forensic analysis, FCHC conducted an internal review of the impacted data to determine what patient and/or employee sensitive information may have been accessed by the unauthorized for purposes of providing notice of the incident to the affected individuals,” the healthcare provider said.
The review was concluded in January and a data mining company was retained to review the compromised information. The data mining review was concluded in April.
FCHC refrained from sharing specific information on how the incident occurred or who might have been responsible for the attack. To date, no known ransomware group appears to have claimed responsibility for the incident.
Operating 16 locations across South Florida and employing more than 450 people, FCHC provides a broad range of health services, including primary care, chiropractic, dental care, and more.
Related: Landmark Admin Discloses Data Breach Impacting Personal, Medical Information
Related: Watch on Demand: Threat Detection and Incident Response (TDIR) Summit
Related: House Committee Hears Testimony on DC Health Data Breach
Related: North Dakota-Based Healthcare Billing Services Group Hacked
