Florida Healthcare Cybersecurity Breaches Expose Millions of Patient Records

Florida's healthcare sector has seen a surge in cybersecurity incidents, with recent breaches affecting over 4,000 patients at DermCare Management and Apollo Medical Supply. These incidents contribute to a growing list of 33 healthcare entities in Florida reporting breaches since July 2023, potentially exposing the data of more than 6.7 million patients. Notably, Tampa General Hospital settled a $6.7 million lawsuit linked to a 2023 hack impacting 2.1 million patients.

Cybercriminals in these cases have targeted patient data for identity theft and financial fraud, exemplified by a $3.6 million theft from Central Florida Cares Health System, a nonprofit providing behavioral health services. The breach involved fraudulent online banking access following an employee falling victim to a phishing attack, illustrating ongoing vulnerabilities in healthcare payments and access controls.

Other mental health providers such as Thriving Mind South Florida have also experienced unauthorized server access, exposing extensive patient information, including sensitive medical and financial data. Legal actions and notifications are underway in response to these breaches. The Florida Department of Health itself has been targeted, with HIV test results and medical records leaked online previously.

Experts highlight that healthcare organizations often lag behind sectors like finance and military in cybersecurity infrastructure and investment, increasing the risk of data breaches. Many healthcare entities reportedly use outdated systems that are vulnerable to cyberattacks. Enhanced employee training and upgraded technological defenses are recommended to mitigate risks, given that phishing remains a prevalent breach vector.

Healthcare providers like Tampa General Hospital emphasize ongoing efforts to strengthen cybersecurity measures, including system updates, increased monitoring, and defensive tools to prevent ransomware and data encryption attacks. However, the persistent targeting of patient data underlines a critical need for the industry to prioritize robust cyber risk management strategies to safeguard patient information and maintain service continuity.