Tampa General Hospital in Florida was hit by a cyberattack during three weeks in May, according to a statement issued by the hospital earlier today. The incident, discovered on May 31, affected approximately 1.2 million patients.
According to reporting by Christopher O’Donnell of the Tampa Bay Times, the types of patient information varied by patient but may have included names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, medical record numbers, patient account numbers, dates of service and limited information about treatment.
The hospital’s statement did not name the attackers, but as DataBreaches reported yesterday on Infosec.Exchange, Snatch Team had added the hospital to its leak site.
The hospital’s statement today was silent on the issue of any ransom demand, but noted that their security had been able to prevent the encryption of any of their files.
Snatch Team did not provide any proof of claims with their listing, which is fairly typical of how they first add victims to their leak site, but they claimed that they had acquired 4 TB of files from the hospital.
The hospital has created a webpage with information on the incident and will be sending individuals notification letters with an offer of credit monitoring and identity theft protection services to those whose Social Security Number was involved.
Update: Nokoyawa threat actors also added Tampa General Hospital to their leak site on the dark web, and also without any proof of claims. DataBreaches reached out to Snatch, Nokoyawa, and the hospital to ask for clarification.
Neither Snatch nor Nokoyawa have responded to inquiries by this publication, but a hospital spokesperson did confirm to DataBreaches that there was only one incident in which data was exfiltrated, the hospital has not paid any ransom demand, and is cooperating with the FBI in its investigation.
So did Snatch and Nokoyawa collaborate on the breach or is there some other explanation for why both leak sites are listing this incident? DataBreaches will continue to try to find an explanation for that.