A “criminal group” stole confidential information of about 1.2 million Tampa General Hospital patients, including Social Security numbers, the hospital announced Wednesday.
The theft of information came to light after the hospital detected “unusual activity” on its computer systems on May 31. An investigation aided by a third-party forensic firm found that an unauthorized user obtained access to data files over a three-week period through May 30.
The data that was compromised varies by individual, the hospital said, but may have included names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, medical record numbers, patient account numbers, dates of service and limited information about treatment.
The hospital said its medical record system was not accessed.
Tampa General reported the data breach to the FBI and is providing support to the agency as it investigates the crime, according to a statement released by the hospital. It said that its security systems prevented any attempt to encrypt its data, a common tactic used by hackers to deny an organization access to its own data unless it pays a “ransom.”
“TGH considers the health, safety and privacy of patients and team members a top priority,” the release said. “The hospital is continuously updating and hardening systems to help prevent events such as this from occurring and has implemented additional defensive tools and increased monitoring.”
Tampa General plans to mail letters to individuals whose information may have been compromised. It said it will provide complimentary credit monitoring and identity theft protection services to those whose Social Security numbers were accessed.
Patients with questions can visit TGH’s website at tgh.org/cybersecurity-notice for more information.
The hack comes less than two weeks after HCA Healthcare reported that data on roughly 11 million of its patients across 20 states, including Florida, was stolen and posted on an online forum.