Hillsborough County has notified more than 70,000 people whose information may have been compromised by a global data breach that has affected the county, according to a news release.
“It is unknown how many people might have had their health or identification information compromised, but in an abundance of caution, Hillsborough County has mailed notification letters to clients of Healthcare Services and known affected vendors of Aging Services – a total of 70,636 people – of the data breach,” the county’s news release said.
The county also is notifying the credit monitoring bureaus of all those potentially impacted by the data breaches, as well as the Florida Department of Legal Affairs/Office of Attorney General and the U.S. Department of Health and Human Services’ Office of Civil Rights.
The county also is advising those who were notified of the potential breach to consider taking these steps to protect themselves from potential fraud:
- Call the toll-free numbers of any one of the three major credit bureaus to place a fraud alert on your credit report. This can help prevent thieves from opening additional accounts in your name. (As soon as one credit bureau confirms your fraud alert, the other two credit bureaus automatically will be notified to place alerts on your credit report as well.)
Here are the credit bureau numbers:
- Equifax: 1-866-640-2273; Equifax.com
- Experian: 1-888-EXPERIAN (397-3742); Experian.com
- TransUnion: 1-800-680-7289; Transunion.com
When you establish a fraud alert, you will receive a follow-up letter that explains how to receive a free credit report, according to the county’s news release.
When you receive your credit report, the county advises you to be sure to examine it closely for signs of fraud, such as credit accounts that are not yours. Continue to monitor your credit reports.
Even if a fraud alert has been placed on your account, you should continue to monitor your credit reports to ensure that an imposter has not opened an account with your personal information, the news release added.
The county was notified on June 1 about the global data breach, involving the MOVEit file transfer tool, according to the release.
When the county was notified, its cyber security staff immediately contacted the company for additional details and instructions and installed all updated security patches as provided by the vendor, the release added.
During the next two weeks, county staff continued to work with the vendor on additional security patches and received more information.
The cyber security staff learned on June 18 that Hillsborough County files could have potentially been impacted by the breach and in coordination with the County’s HIPAA Officer reviewed the affected files.
A determination was made that the files belonged to the Healthcare Services and Aging Services departments and potentially contained protected health information and personal information, the news release added.
Protected health and personal information could include first and last names, Social Security numbers, dates of birth, home addresses, medical conditions and diagnoses, and disability codes, according to the release.
Hillsborough County files were not specifically targeted in the cyberattack, but as a customer of MOVEit, the county potentially was affected.
Individuals with questions may reach out for more information. For additional details, call the county’s dedicated toll-free number 1-833-963-4357 between 8 a.m. and 5 p.m., on Mondays through Fridays.
Published July 26, 2023