Social Security numbers, patient medical history and bank account information are among the data that have been exposed in the breach of Broward Health, a network of over 30 health care facilities serving patients across roughly 2 million-person Broward County, Florida, according to a notice the health care provider filed with the Office of the Maine Attorney General.
About 470 of the data breach victims live in Maine. Like other states, Maine law requires organizations that hold state residents’ personal data to file a disclosure when they’ve been hacked.
In the case of Broward Health, the incident did not appear to involve ransomware. Broward Health spokesperson Jennifer Smith told CNN in an email that the hackers did not make any ransom demand and that no ransom was paid.
“Patient care was not disrupted or impacted at any time during or following this incident,” Smith said.
Mark Krotoski, who is listed as an attorney for Broward Health in the breach notice, did not immediately respond to a request for comment.
The intruders accessed Broward Health’s computer networks via a “third-party medical provider,” according to the breach notice, an incident that highlights the exposure that hospitals and other organizations have to hackers via their supply chains.
“This personal information was exfiltrated, or removed, from Broward Health’s systems, however, there is no evidence the information was actually misused by the intruder,” the breach notice says.