Posted On March 28, 2023 Consumer Privacy & Data Breaches
March 28, 2023 – After learning that access had been acquired by an unauthorized party to the company’s computer system as a result of a ransomware assault, Florida Medical Clinic, referred to as “FMC,” filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) on March 10, 2023. The issue led to unauthorized access to customer names, dates of birth, addresses, Social Security numbers, phone numbers, email addresses, and medical information, according to the company’s report. After confirming that customer data had been compromised, FMC started notifying all 94,132 individuals who had been affected by the breach.
The data breach lawyers at Console & Associates, P.C. are now investigating the Florida Medical Clinic data leak. If you have received a breach notice and are interested in the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can go over your legal possibilities for obtaining financial compensation from FMC.
Florida Medical Clinic is a healthcare provider with headquarters in Zephyrhills, Florida, and 50 facilities offering primary care and specialized care to patients around Florida, including Zephyrhills, Lutz, Brandon, Trinity, and Tampa. Established in 1993, Florida Medical Clinic employs over 2,000 people and generates approximately $278 million in revenue annually.
According to the company’s filing with the HHS-OCR and a “Notice of Florida Medical Clinic System Cyberattack” placed on the FMC website, on January 9, 2023, the company discovered irregular activity occurring on its computer network. As a result, the company ensured the security of its system and hired third-party forensic experts to help with the investigation.
The investigation revealed that unauthorized individuals were able to access certain files containing private patient information that was kept on the FMC system. Florida Medical Clinic started to examine the affected files after learning that private patient information had been made available to an unauthorized source. This was done to ascertain what information had been hacked and whose clients were impacted. Consumers’ names, dates of birth, addresses, Social Security numbers, phone numbers, email addresses, and medical information could all have been compromised, however, the specifics depend on the individual.
On March 10, 2023, Florida Medical Clinic sent data breach notification letters to all individuals whose confidential information was exposed in the leak. About 94,132 people were reportedly impacted by the Florida Medical Clinic data breach, according to the HHS-OCR.
If Florida Medical Clinic notifies you of a data breach, it means that your personal information was among the compromised data. There is a potential that your identity and Social Security numbers are now in the hands of a third party.
Hackers frequently sell the information they have gained through a data breach on the dark web in order to generate money or steal identities. Consumers can take precautions to decrease their risk of having their identities stolen, but there are no real preventative steps they can take to stop their information from being released.
There are a few things you should do immediately if your data has been compromised. If your bank accounts or Social Security number have been compromised, you might want to take additional security measures since this list is not all-inclusive.
Businesses will warn those affected if a data breach occurs and someone’s personal information is exposed. In these letters, important information concerning the incident is included, including how your information was obtained, the precautions FMC is taking to protect your data going ahead, and whether any impacted people have ever been the victims of fraud or identity theft. Obtain all the details from the letter about the data breach so you can make a decision about what to do next.
If a data leak exposes your personal information, you should change the passwords for all of your online accounts. Even if you are aware of which of your accounts have been compromised, change the passwords on all of them. Hackers can gain access to any account and obtain vital information about a client.
Hackers will act fast once they obtain your personal information, so users won’t be able to deactivate their accounts and stop the usage of the stolen data. The information the hackers stole from FMC might not be all they needed to carry out their intended activities. If so, it can take them a few weeks or even months to use your information because they’ll need to have enough time to collect all the relevant information. Be alert and keep an eye out for any strange activity in your accounts.
In contrast to credit monitoring, credit freezes and fraud alerts are free services offered by the big three credit agencies. Businesses cannot check your credit without your permission if your credit is frozen. Although a credit freeze may seem drastic, the Identity Theft Resource Center claims that it is the most effective way to prevent fraud after your personal information has been compromised. A fraud alert is sent to businesses that check your credit to let them know that someone might be attempting to exploit their data fraudulently.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Florida Medical Clinic data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the notice posted on their website:
Florida Medical Clinic has confirmed that unauthorized individuals gained access to its computer network and used ransomware to encrypt files. Florida Medical Clinic security teams detected suspicious activity on January 9, 2023, and steps were immediately taken to contain the cyberattack. The incident was fully contained within hours, and Florida Medical Clinic was able to proactively isolate the exposure. Third-party forensic cybersecurity firms were engaged to investigate the potential breach.
The forensic investigation was robust and ultimately determined that while the unauthorized user accessed certain files containing personal information, the Florida Medical Clinic electronic health record (EHR) systems remained secure and were not exposed in the breach. There is no evidence that any of the accessed information has been improperly used, and Florida Medical Clinic has secured evidence that all of the stolen files were permanently deleted. We feel strongly that any information obtained was not used for malicious intent. Nevertheless, we are notifying you of this event.
Florida Medical Clinic and our third-party forensic cybersecurity firm has conducted a thorough review and determined that 94,132 files were exposed, which contained limited personal information. Fortunately, the overwhelming majority of the files — over 95% — included only an individual’s name and no other personally identifiable information. The remaining files may have included information such as medical information, phone number, email address, date of birth, and address. Only 115 patient Social Security numbers were compromised. Fortunately, we have no evidence that any patient’s bank account, credit card, or other financial information was compromised.
We are in the process of notifying patients whose information was involved. Any patient who wants additional information may contact the Florida Medical Clinic administrative office at (813) 367-0016 or Toll Free at (833) 967-5779, Monday through Friday between 8:00 a.m.- 5:00 p.m. Below are additional steps that patients may wish to consider in order to protect their personal information and guard against identity theft.
Florida Medical Clinic values your privacy, and we deeply regret that this incident occurred. Since this event, Florida Medical Clinic has worked with our outside security consultant to implement additional cybersecurity measures to prevent recurrence of such an attack and to continue to protect the privacy of our valued patients, including replacing certain components of our system and changing the remote access protocols for our systems. We appreciate our patients for entrusting us with their care and for trusting that we remain committed to that care and to following through with the protocol for handling this unfortunate situation.