Orlando Family Physicians has begun notifying patients of a recent cyberattack that may potentially impact 447,426 individuals, according to US Department of Health and Human Services Office for Civil Rights. The protected health information (PHI) of patients may have been leaked, leading to serious privacy risks for those affected.
The Orlando Family Physicians statement to patients on the organization’s website describes “a recent phishing email incident that potentially resulted in unauthorized access to personal information of four employees’ email accounts.” The personal data possibly at risk may include:
- Names
- Demographic information
- Diagnoses
- Provider names
- Prescriptions
- Health insurance information
- Patient account numbers
- Medical record numbers
- Passport numbers
Orlando Family says the cyberattack occurred on April 15, 2021, and that “an unauthorized person accessed the email account of an OFP employee by obtaining the employee’s user ID and password through a phishing email.”
On July 9, 2021, Orlando Family Physicians compiled a list of potentially impacted patients, prospective patients, employees and other individuals whose personal information was included in four hacked email accounts. The intention of the hacker was possibly targeting Orlando Family itself and not the stored data, however the unauthorized person had access to personal information, and it is unknown at the moment whether or not that data will be misused.