Cyber Incident Victim: Florida Hospital

On or around May 3, 2018, Florida Hospital disclosed that malicious software had impacted several of its affiliated websites, potentially compromising patient information. The affected sites included FloridaBariatric.com, FHOrthoInstitute.com, and FHExecutiveHealth.com, which were subsequently taken offline for remediation. The health system announced the incident publicly on Wednesday afternoon but did not specify when the malware infection initially occurred or how it was detected. While the announcement confirmed the possibility of unauthorized access to patient data, Florida Hospital did not immediately release details regarding the number of individuals affected, the types of personal information exposed, or the specific malware variant involved. No evidence suggested the compromise extended beyond the three named websites to other hospital systems or electronic medical records.

The health system initiated containment measures by disabling the compromised websites for repairs, though the technical methods used to remove the malware remained undisclosed. As of the initial report date, Florida Hospital had not published an official breach notification on its corporate website or the impacted domains, nor had the incident appeared in the U.S. Department of Health and Human Services' breach reporting tool. This absence of documentation left the scope of the incident—including the timeframe of exposure, total patient impact, and data categories involved—unverified through regulatory filings. No additional information regarding forensic investigation findings, patient notification timelines, or mitigation efforts was publicly available at the time of initial media coverage. The incident remained under investigation with unresolved questions about its origin and full consequences.