The Center for Digestive Health (CDH), a Florida-based healthcare provider also known as Gastroenterology Associates of Central Florida, suffered a data breach in April 2024, impacting over 120,000 patients.
The breach, which involved the theft of sensitive personal and medical information, highlights the ongoing vulnerability of healthcare organizations to cyberattacks.
CDH detected suspicious activity on April 11, 2024, prompting an immediate investigation with the assistance of cybersecurity experts. The investigation confirmed unauthorized access and the acquisition of files and data from their network.
The compromised data included names, Social Security numbers, dates of birth, and health information. The hospital reported the breach to the Office of Maine Attorney General and relevant law enforcement agencies.
The scale of the Florida Hospital Data Breach emphasizes the devastating impact of successful cyberattacks on healthcare providers.
The Breach’s Impact and the Response
“As a result of the investigation, the Clinic learned that an unauthorized actor accessed and acquired certain files and data stored within our network, as has occurred in many other businesses, banks, and large corporations in America.”
CDH’s statement reads.
At least 122,437 individuals were affected. While CDH found no evidence of data misuse, they advised affected individuals to monitor their credit reports and accounts, reporting any suspicious activity. They also provided one year of complimentary identity protection and credit monitoring services through IDX.
The hospital also took steps to enhance the security of its systems, stating,
“Upon detecting this incident, we deployed additional monitoring tools and will continue to enhance the security of our systems.”
This response, while important, underscores the need for proactive security measures to prevent such breaches in the first place. The incident serves as a reminder of the importance of robust cybersecurity practices and incident response planning for healthcare providers.
BianLian Ransomware’s Involvement
In May 2024, the BianLian ransomware group claimed responsibility for the attack, listing CDH as a victim on their data leak site. Following unsuccessful negotiations in June, they allegedly leaked 2.2 terabytes of stolen data. This highlights the increasing trend of ransomware groups targeting healthcare organizations for financial gain and the potential for significant reputational damage.
Helpful Reads:
