Hillsborough notifies 70,000 of potential data breach in health, aging services

Hillsborough notifies 70,000 of potential data breach in health, aging services
The cyber attack involved a third-party file transfer service called MOVEit
Hillsborough County has notified 70,000 people that a global data breach may have put the personal and medical information at risk. [Luis Santana | Times (2016)]

Published July 14|Updated July 14
ADVERTISEMENT
Hillsborough County has notified more than 70,000 people that a global data breach may have put their personal information at risk.

The breach involved the MOVEit file transfer tool, a third-party service that complies with federal Health Insurance Portability and Accountability Act (HIPAA) regulations.

The breach also may have affected 106 people employed by a dozen vendors used by the county’s Aging Services Department.

A county news release said MOVEit, notified the county of a breach June 1 and staff began installing security measures. On June 18, the county’s cyber security staff learned files belong to the Health Care Services and Aging Services departments had potentially been at risk. The files contained protected health and personal information, including names, Social Security numbers, dates of birth, home addresses, medical conditions, diagnoses and disabilities.

Hillsborough County files were not specifically targeted in the cyberattack, but the county was potentially affected as a customer of MOVEit, according to the news release. The MOVEit breach also has hit higher education, health care and other institutions across the nation.

Hillsborough County Health Care Services oversees delivery and administration medical services including the county’s managed-care plan for residents who don’t qualify for other health care coverage. The breach also notified a dozen vendors that their employees, 106 in total, could have had their data compromised.

The county said it is unknown how many people might have had their health or identification information at risk, but it mailed notification letters to 70,636 people informing them of the breach.

The county also said it is notifying the credit monitoring bureaus about all those potentially impacted by the data breaches as well as the Florida Department of Legal Affairs/Office of Attorney General and the U.S. Department of Health and Human Services’ Office of Civil Rights.

For more information, residents can contact the county at the dedicated toll-free number 1-833-963-4357 between 8 a.m. and 5 p.m. Monday through Friday. The toll-free number will open at 8 a.m. Monday, July 17.