February 4, 2022

1.3M Patients’ Records Breached, Broward Health Hospital. What Should Victims Do Now?

By Timothy Shields.

The Broward Health hospital was breached October 15, 2021, exposing the intimate medical records of over 1 million people. An intruder gained access to the hospital’s network through a third-party medical provider.

It is massive breach surmounting to 1.3 million patients’ records such as medical history, names, addresses, phone numbers, Social Security numbers, and bank account information.

Even though they were aware of the breach in October, victims were in the dark for months, not being notified until January of 2022! With this huge data breach, the hospital should have alerted all victims involved, from patients to employees immediately. However, the Department of Justice had informed them to hold off the notifications for this will “ensure that the notification does not compromise the ongoing law enforcement investigation.”

The Broward Hospital had contacted a data review specialist to identify the amount of damage from this data breach incident. The hospital has made minimal amends through offering a 24 months of identity theft protection services through Experian. The protection includes a multi-factor authentication for system use and minimum-security requirements for devices outside the hospital’s management and want to access the network.

What can victims do?

It is very uncommon for a medical institution to be breached. All sensitive, very personal information is present on the hospital’s database. This unfortunate event has highlighted the risks of third-parties having access to systems and about the importance of data security, not only to healthcare institutions and provider but even the small start-up businesses.

All victims may have claims for damages and should contact a data privacy attorney to understand their legal rights.

Data security planning is vital when starting up and should be included in every business plans. The Broward Health hospital has partnered with Experian for a data protection plan, but it was after the incident.

This incident speaks to the importance of planning, partnering, and executing. Did negligence result in over 1 million people falling victim to their most intimate information being exposed? Data planning should come first.

Timothy Shields is a Partner at Kelley Kronenberg, focusing his practice on Technology, Data Privacy, and Social Media Representation. Tim serves technology companies as general counsel for a flat monthly rate based on the company’s needs starting at $1300/month.

Contact Timothy Shields at:
Phone: 833-830-HELP (4357)
Email: tshields@kklaw.com

DISCLAIMER: This article is provided as a courtesy and is intended for the general information of the matters discussed above and should not be relied upon as legal advice. Neither Kelley Kronenberg, nor its individual attorneys or staff, are responsible for errors, omissions and/or typographical errors – always seek competent legal counsel.