TMH: Hacker obtained patient data, possibly including SSNs and medical record numbers

Thousands of TMH patients may have had their data compromised during February's IT attack.
Published: Mar. 31, 2023 at 3:36 PM EDT|Updated: Mar. 31, 2023 at 6:44 PM EDT
Email This Link
Share on Pinterest
Share on LinkedIn

TALLAHASSEE, Fla. (WCTV) - Nearly two months after Tallahassee Memorial Healthcare was paralyzed by an IT attack, the hospital announced a hacker obtained personal information for thousands of patients.

TMH said in a statement Friday it began mailing letters to about 20,000 patients whose confidential information may have been compromised in the attack. The hacker accessed the materials over seven days before being detected, according to the statement.

Investigations indicate an “unauthorized person intermittently accessed the files” between January 26 and February 2, a hospital spokesperson told WCTV.

The hospital system detected the security breach early February 3, “contained” the attack, and contacted law enforcement, the statement said.

Receccah Lutz, TMH director of marketing and communications, wrote in an email that the hospital reported the hack to the “appropriate state and federal law enforcement agencies,” but declined to disclose the specific groups or lead investigator.

All people with valid mailing addresses in the hospital’s systems should be notified by early next week, Lutz wrote. If a person has not received a letter by April 14 but believes their data could have been included in the security breach, she encouraged the individual to contact TMH’s toll-free call center at 1-888-567-0040.

TMH officials declined to interview on camera after releasing the statement.

According to the statement, personal data that may have been compromised in the breach includes:

  • Social Security numbers
  • Medical record numbers
  • Health insurance information
  • Patient account numbers
  • Names
  • Addresses
  • Dates of birth
  • “Limited treatment information related to care received at TMH”

It is unclear how the hacker penetrated the healthcare system’s security. Lutz declined to comment on if the perpetrator has been identified, but she confirmed that no employees were connected to the breach.

“Due to the confidential nature of the investigation into this event, we are not able to provide additional details. Law enforcement is aware and investigating,” she wrote.

The hospital said no financial account or payment card information was accessed, and electronic medical records were not involved.

TMH announced it is offering complimentary credit monitoring and identity protection services to those who had their SSN compromised. Instructions for how to access these services will be included in the letters mailed out today, Lutz said.

Patients affected by the attack can call a toll-free phone line the hospital created, according to the release. Individuals impacted can call 1-888-567-0040 on Monday through Friday, between 9 a.m. and 9 p.m. EST.

This is a developing story.

To stay up to date on all the latest news as it develops, follow WCTV on Facebook and on Twitter.

Have a news tip or see an error that needs correction? Write us here.