Cyber Incident Victim: AdventHealth Foundation
Date: Aug 2017
Location: United States of America
Summary
A malware infection at AdventHealth's Pulmonary & Sleep Medicine Center in Florida compromised systems for 16 months, potentially exposing protected health information of approximately 42,000 patients. Unauthorized access enabled by the malware may have involved names, contact details, Social Security numbers, insurance information, medical histories, and demographic attributes like race and gender. The organization secured affected systems after discovery, initiated breach notifications, and offered impacted individuals complimentary credit monitoring and identity theft protection services. Additional safeguards and enhanced auditing measures were implemented to mitigate future incidents.
Description
The AdventHealth Medical Group’s Pulmonary & Sleep Medicine center in Tavares, Florida, formerly known as Lake Pulmonary Critical Care, experienced a cybersecurity breach involving unauthorized access to its systems through malware. Hackers initially infiltrated the center’s systems in August 2017, but the malware infection remained undetected until December 27, 2018, resulting in a 16-month period of potential data exposure. Upon discovery, the organization removed the malware, secured its systems, and initiated an investigation to determine the scope of the breach and identify affected individuals. The investigation confirmed that attackers accessed sections of the system containing protected health information, potentially compromising data for 42,161 patients. The exposed information included names, addresses, email addresses, telephone numbers, dates of birth, health insurance details, Social Security numbers, medical histories, and demographic attributes such as race, gender, weight, and height. AdventHealth did not disclose the specific method of malware installation or the reasons for the prolonged detection timeline but acknowledged implementing additional safeguards and enhanced system audits to improve breach detection speed and prevent future incidents.

Breach notification letters were mailed to affected patients beginning January 25, 2019, detailing the compromised data types and the organization’s response. AdventHealth offered complimentary credit monitoring, fraud consultation, and identity theft restoration services through Kroll for a 12-month period to all impacted individuals. Patients were advised to monitor their insurance explanation of benefits statements for signs of misuse. The incident underscored risks associated with prolonged undetected system intrusions, though no evidence of actual misuse of data was confirmed in the available reporting. AdventHealth’s post-incident measures focused on strengthening cybersecurity protocols without specifying technical or operational changes beyond generalized system audits and safeguards. The breach highlighted the exposure of sensitive health and identity-related data across multiple categories, impacting a substantial patient population within a specialized medical practice.
