SCOMF Data Breach Leakes Floridians' Sensitive Health Data

On February 21, 2024, the Surgery Center of Mid Florida (SCOMF) experienced a significant data breach due to a network encryption event. This breach was discovered after unusual activity was detected on SCOMF's networks. The investigation, which involved cybersecurity experts and law enforcement, revealed that unauthorized users accessed SCOMF's network through its IT vendor. The IT vendor was initially hacked, and then the unauthorized user exploited the connection between SCOMF and the vendor's network to directly attack SCOMF's systems.

Although there is no evidence that specific patient information was accessed or exfiltrated, SCOMF has decided to notify all patients as a precaution due to the encryption of its system. The types of personal information that may have been involved include:

• Patient demographic information, such as names, addresses, and dates of birth
• Health information, including medical history, diagnoses, treatments, and dates of service
• Health insurance information, such as account numbers, insurance policy numbers, billing, and claims information
• Financial account information, including Social Security numbers

The breach was disclosed to the Massachusetts Attorney General's office, and the disclosure document is available for public review.

Surgery Center of Mid Florida's Response

In response to the data breach, SCOMF has taken several measures to enhance its data security. They have transferred their business to a different IT vendor and implemented additional safeguards to improve data security on their web server infrastructure. This includes replacing and enhancing all firewalls and transitioning all data to a secure, cloud-based electronic health record system and practice management software.

Additionally, SCOMF is notifying certain federal and state regulators as required by law. They are also providing affected individuals with 24 months of identity theft protection services through IDX, A ZeroFox Company. These services include credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.

Steps to Take if You Are Affected

If you are a patient of SCOMF and believe you may be affected by this data breach, there are several steps you can take to protect yourself:

1. Enroll in Identity Theft Protection Services: SCOMF is offering 24 months of free identity theft protection services through IDX. You can enroll by visiting IDX's enrollment page or by calling their toll-free inquiry line at 1-888-974-9414. The deadline to enroll is October 22, 2024.
2. Monitor Your Accounts: Keep a close eye on your account statements and credit reports for any suspicious activity. If you detect any unusual transactions, notify your financial institution immediately.
3. Place a Security Freeze: You can place a security freeze on your credit reports to prevent unauthorized access. This can be done by contacting each of the three major credit bureaus: Equifax, Experian, and TransUnion.
4. Place a Fraud Alert: You can also place a fraud alert on your credit file, which will prompt creditors to take additional steps to verify your identity before granting credit. This can be done by contacting any of the three major credit bureaus.
5. Report Suspicious Activity: If you believe you are a victim of identity theft, report it to the Federal Trade Commission at identitytheft.gov and consider filing a police report.