The Broward Health hospital system has notified over 1.3 million patients that their personal information was exposed in a data breach dating back to Oct. 15.
The Florida hospital system said on Saturday (Jan. 1) that names, addresses, phone numbers, Social Security numbers, bank account information and medical history data were all included in the breach. However, there still isn’t a consensus on how many people have been impacted.
Broward Health said an intruder gained entry to the network on Oct. 15 from the office of a third-party medical provider. A few days later, on Oct. 19, Broward Health discovered the intrusion, alerted the authorities and required all employees to reset their passwords.
The hospital system reportedly waited so long to alert employees and patients because the Department of Justice told them to hold off on sending out breach notification letters. This was to “ensure that the notification does not compromise the ongoing law enforcement investigation.”
In addition, the statement said Broward Health had contacted a data review specialist to see what was impacted.
As a way to make amends, the hospital will offer 24 months of identity theft protection services through Experian. It has also added multifactor authentication for system use and minimum-security requirements for those devices that can access the network but aren’t managed by the hospital.
PYMNTS writes that T-Mobile was another company that recently suffered a large data breach.
See also: T-Mobile Data Breach to ‘Small’ Number of Customers Caused by SIM Swap Attacks
The carrier said it was aware that SIM swap attacks had taken place, meaning when customers are persuaded by scammers to switch phone numbers and inadvertently let the attackers take over.
T-Mobile said in late December that the issue had been fixed, but did not offer details as to how many customers were affected.