The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) is currently investigating an information technology (IT) breach at Tallahassee Memorial HealthCare (TMH). The breach, which has been designated as a hacking/IT incident affecting the network server, was submitted to the OCR on March 31, according to the Notice to the Secretary of HHS Breach of Unsecured Protected Health Information database.
The breach reportedly impacted 20,376 individuals, and TMH has initiated measures to notify those affected. The breach is believed to have occurred on February 2, 2023, when TMH experienced an IT event and subsequently entered downtime procedures. Unusual activity involving TMH’s computer systems was detected in the early morning of February 3, prompting the healthcare organization to take action to contain the activity and report it to law enforcement.
An independent investigation revealed that an unauthorized individual gained access to the Tallahassee Memorial HealthCare computer network and obtained certain files from the system between January 26 and February 2, 2023. As a result, letters were mailed to individuals affected by the incident to inform them of the breach.
A spokesperson for TMH stated that due to the confidential nature of the investigation, TMH is not able to provide further details at this time. However, TMH has posted a notice to its patients on its website, TMH.org, and has established a dedicated toll-free call center to address questions and concerns from patients.
TMH has advised individuals who may have been affected by the incident to remain vigilant and monitor their personal information for any signs of unauthorized activity. The TMH call center is available to assist those affected by the incident and can be reached at 1-888-567-0040, Monday through Friday between 9 a.m. and 9 p.m. Eastern Time.
In response to the growing number of cyber threats facing healthcare organizations, the U.S. Department of Health and Human Services has been actively working to provide guidance and resources to healthcare providers. These resources include best practices for securing health information, risk assessment tools, and educational materials to help organizations protect against cybersecurity threats.