Tampa General Hospital this week started informing patients that their personal information was compromised in a ransomware attack. Approximately 1.2 million individuals are reportedly impacted.
In an incident notice on its website, the Tampa-based medical center announced that the attack was discovered on May 31, when its monitoring tools detected unusual activity on internal systems.
The healthcare services provider immediately activated its incident response plan and was able to contain the attack before any file-encrypting ransomware was executed.
“TGH’s monitoring systems and experienced technology professionals effectively prevented encryption, which would have significantly interrupted the hospital’s ability to provide care for patients,” the medical center announced.
The investigation into the attack revealed that the threat actors had access to the hospital’s systems for roughly three weeks, between May 18 and May 30.
During this time, the attackers accessed files containing patient information, including names, addresses, birth dates, phone numbers, Social Security numbers, health insurance details, medical record and patient account numbers, and some treatment information.
“TGH’s electronic medical record system was not involved or accessed,” the hospital says.
The company says it will send notification letters to those impacted. Reportedly, the attackers stole the data of roughly 1.2 million individuals.
The hospital may face a class action suit following the cyberattack.
“Attorneys working with ClassAction.org are now looking into the security incident and whether a class action lawsuit can be filed on behalf of affected individuals,” ClassAction.org announced.
SecurityWeek has emailed Tampa General Hospital for additional information on the attack and will update this article as soon as a reply arrives.
Related: Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare
Related: Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
Related: Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches