September 25, 2022

Volume XII, Number 268

Advertisement

September 23, 2022

Subscribe to Latest Legal News and Analysis

September 22, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

Broward Health Data Breach Affects 1.3 Million Individuals

On January 1, 2022, Broward Health, which operates dozens of health care facilities in Broward County, Florida, notified over 1.3 million individuals that a threat actor gained access to and removed data from its system on October 15, 2021. The data exfiltrated and compromised included individuals’ names, addresses, dates of birth, driver’s license numbers, Social Security numbers, financial, insurance and medical information.

According to the notification letter, “the intrusion occurred through the office of a third-party medical provider who is permitted access to the system to provide healthcare services.”

Broward Health is offering the affected individuals credit monitoring. Following the incident, it required a password reset of its users, and implemented multi-factor authentication (MFA) “for all users of its systems.” It also disclosed that it is implementing “minimum security requirements” for devices that have access to its network that are not managed by its internal IT professionals.

Reading between the lines and purely speculating, my guess is that the incident occurred through a third-party medical provider’s device that had access to Broward Health’s system, but that had not deployed MFA, causing or contributing to the intrusion. This breach shows how a third-party can cause an incident if they have access to your network but do not have the same or similar security measure in place as you, and highlights the importance of identifying all users/devices with access to your network, and requiring all users to implementation of security measures consistent with your own.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XII, Number 6
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement
Advertisement