Central Florida Inpatient Medicine (CFIM) is notifying 197,733 patients whose protected health information (PHI) was in an employee’s email account that was accessed by an unauthorized individual between August 21, 2021 and September 17, 2021.
CFIM does not indicate when they first discovered that there had been a breach or how they first discovered it. They do reveal that the types of PHI involved included names, dates of birth, medical information including diagnosis and/or
clinical treatment information, physician and/or hospital name, dates of service, and health insurance information. In a limited number of cases, they write, Social Security numbers, driver’s license numbers, financial account information, and usernames and passwords were also involved.
Since the date of this incident, CFIM has taken measures to improve its technical safeguards in order to minimize the risk of a similar incident in the future, including implementing additional technical safeguards on its email system, implementing multifactor authentication, and providing additional training to employees to increase awareness of the risks of malicious emails, they write.
Their full notification is linked prominently from the home page of their website. “For the limited number of individuals whose Social Security numbers were contained in the impacted account have been offered complimentary credit monitoring,” the notification states.