
Cyber Incident Victim: Florida Medical Clinic

Date: Jan 2023

Location: United States of America

Summary

A healthcare provider experienced a ransomware attack leading to unauthorized access to its computer systems, compromising sensitive patient information including names, Social Security numbers, medical details, contact information, dates of birth, and addresses. The organization contained the incident, engaged forensic investigators, and confirmed the exposure of confidential data affecting nearly 95,000 individuals. Notification letters were distributed to impacted parties following the completion of a file review to identify compromised information.


Description

On January 9, 2023, Florida Medical Clinic (FMC) identified suspicious activity within its computer network, prompting an immediate containment response. The organization engaged a third-party forensic firm to investigate the incident, which confirmed unauthorized actors had accessed its systems. The investigation revealed that attackers compromised files containing confidential patient information stored on FMC's network. While the specific duration of unauthorized access wasn't disclosed, the breach involved a ransomware attack that enabled data exfiltration. FMC's review of affected files determined the scope of compromised information, which included highly sensitive personal and medical data. The healthcare provider completed its forensic investigation and impact assessment before publicly disclosing the incident through regulatory filings approximately two months after detection.


The breached data encompassed patients' names, Social Security numbers, medical information, phone numbers, email addresses, dates of birth, and physical addresses. On March 10, 2023, FMC formally notified the U.S. Department of Health and Human Services Office for Civil Rights, reporting that 94,132 individuals were affected. Simultaneously, the organization began mailing individualized data breach notifications to impacted patients and posted a public "Notice of Florida Medical Clinic System Cyberattack" on its website. As a healthcare provider operating 50 locations across Florida with over 2,000 employees and $278 million in annual revenue, the breach exposed sensitive information of nearly 95,000 current and former patients. The incident demonstrated risks of identity theft and fraud associated with compromised healthcare data, though no specific fraudulent activities were detailed in the notification. FMC's response followed standard breach disclosure protocols without public elaboration on technical remediation measures beyond initial containment and forensic investigation.
