Getty Images/iStockphoto

Health Cyberattack Exposes PHI for 45K at Florida Heart Associates 

A recent health cyberattack exposed the PHI of over 45,000 patients in Florida.

Florida Heart Associates is notifying over 45,000 individuals about a health cyberattack that exposed their protected health information (PHI.) 

A total of 45,148 individuals are affected by this recent cyberattack, according to the US Department of Health and Human Services Office for Civil Rights. 

“It is possible that our patients’ Social Security number, member identification number, date of birth, and health insurance information may have been seen or accessed,” a Florida Heart Associates’ press release states.  

Florida Heart Associates (FHA) notified the Department of Health and Human Services Office for Civil Rights on July 7 and announced the security incident in a press release on July 14.  

The cyberattack occurred between May 9 – 19, 2021, and FHA, which has offices in Cape Coral and Fort Myers, Florida, said it became aware of the attack on May 19, according to the press release. 

"We immediately engaged a team of experts and law enforcement to mitigate the effects of the incident, secure personal information, restore IT functions, and protect FHA’s servers from future incidents,” the release states.  

“Our investigation revealed that malicious actors may have gained access to our network between May 9 and 19, 2021,” it states. “FHA security systems diminished the impact of the intrusion; however, an unknown actor still gained access to company servers and may have obtained information within.” 

There has been no “indication that patient information has been misused by an unauthorized individual.”  

FHA said the investigation into the cyberattack is ongoing and “we are taking steps now to implement additional safeguards and review policies and procedures relating to data privacy and security.”  

The healthcare facility installed "an endpoint detection and response tool, strengthened our system’s architecture, and implemented stronger policies to prevent future attacks.”  

“We encourage our patients to remain vigilant against incidents of identity theft and fraud, to review their account statements, and to monitor their credit reports for suspicious activity,” the release states. 

Patients with questions or concerns related to the data incident can call the incident call center at 1-855-545-1951, from 9:00 am to 6:30 pm EST, Monday through Friday. 

Next Steps

Dig Deeper on Health data access & privacy