Cyber Incident Victim: Tallahassee Memorial HealthCare

Tallahassee Memorial HealthCare (TMH) was notified by its third-party vendor, Jobscience, on September 26, 2018, regarding unauthorized access to applicant data processed through Jobscience’s online employment application management system. The breach impacted individuals who applied for employment with TMH between March 2005 and August 2018. Compromised information included first and last names, home addresses, dates of birth, Social Security numbers, email addresses, selected application passcodes, security questions and answers, and work history details. Jobscience, a subsidiary of Bullhorn, provided the platform used by TMH and other healthcare organizations to manage job applications. The breach was discovered by Jobscience, which then notified affected clients, including TMH, though the exact method or timeline of the unauthorized access was not publicly disclosed by the vendor or hospital.

The incident exposed sensitive personal identifiers and employment-related information, posing risks of identity theft and fraud for impacted applicants. As the breach involved job applicant data rather than patient health information, it did not qualify for reporting under HIPAA or appear on the U.S. Department of Health and Human Services’ public breach portal. Jobscience assumed responsibility for notifying affected applicants, though TMH’s disclosure did not specify whether credit monitoring or other remediation services were offered. The breach also affected other healthcare entities, including Huntsville Hospital (Alabama), NorthBay Healthcare (California), and El Centro Regional Medical Center (California), with varying exposure periods and data elements. DataBreaches.net contacted Jobscience for additional details but received no public response prior to the article’s publication. No further operational disruptions or financial impacts to TMH’s systems or services were reported in connection with the incident.