14 DAY TRIAL // Patients of the Florida Hospital had their personal info exposed from January 2012 until May 2014, due to activity performed by two employees outside their job duties.
During a separate investigation conducted by law enforcement, it was discovered that medical records summaries, called “facesheets,” of Florida Hospital patients had been printed.
Two workers at fault
As soon as the hospital officials learned about the inadequate actions and the identity of the individuals carrying them out, the employment contracts of two workers were terminated.
It is unclear what type of info the leaked facesheets contained exactly, but they may have included names, addresses, social security numbers, phone numbers, emergency contact details, health insurance data, and certain health information such as physician names and diagnoses.
This is more than enough for cybercriminals to be able to apply for credit in the names of the affected patients or to deploy scams leveraging these details.
The number of individuals impacted by the incident has not been disclosed in the notification about the data leak, but online reports talk about as many as 9,000.
Law enforcement prevented earlier notification of patients
As far as the delay in alerting the patients that their data may have been exposed, Florida Hospital said that revealing this information was under a “law enforcement hold,” which prevented it from going public.
This happens when an investigation is ongoing and details about the incident could hinder the activity of the police or influence the successful closing of the case.
Florida Hospital said that notification letters started to be sent to the impacted individuals on Friday. Anyone believing to be a victim of this incident and not receiving the letter by April 16 should call a special phone line set up specifically for offering more details about this event.
Also, to defend its patients from fraud, the hospital provides identity theft protection and credit monitoring services. No details have been offered about the period of time these services would be active for.
Among the actions taken by the health care institutions to make sure that such an incident is not repeated in the future, there is reinforcing education on the staff about the importance of patient information.
We have included the original notification from Florida Hospital below, since it cannot be accessed from all parts of the world.