Tallahassee Memorial Healthcare (TMH) experienced a cyberattack in late January that forced it to operate under emergency downtime procedures for around two weeks. According to the TMH breach notification, unusual system activity was detected on February 3, 2023, and its systems were secured. A third-party cybersecurity firm was engaged to investigate the breach and determined that unauthorized individuals had access to its systems between January 26 and February 2, 2023, and exfiltrated files during that time. Cyberattacks such as this often involve ransomware, although it is unclear if ransomware was used in this attack. TMH did not share further information on the exact nature of the attack.
The review of the stolen files has now been completed and affected individuals started to be notified about the incident on March 31, 2023. The information that was viewed or obtained included names, addresses, dates of birth, Social Security numbers, health insurance information, medical record numbers, patient account numbers and/or limited treatment information. TMH confirmed that its electronic medical record system was not accessed in the attack.
The data breach has been reported to the HHS’ Office for Civil Rights as affecting 20,376 individuals. Complimentary credit monitoring and identity protection services have been offered to individuals whose Social Security numbers were included in the breached data.