Shands data breach affects 941 patients

UF Shands Hospital
UF Shands Hospital.
Courtesy of UF Health

A 14-month data breach potentially affected 941 UF Health Shands patients.  

According to a press release sent on Wednesday morning, Shands learned on Aug. 9 that an employee may have inappropriately accessed medical records information outside the scope of their job duties for 941 patients between Aug. 21, 2021, to July 21, 2022.

All affected patients have been notified by mail about the incident and the individual involved is no longer employed by Shands, according to the press release.

Shands said it is investigating the incident to determine the certain patient demographic information accessed, including name, date of birth, mailing address, phone number, medical record number, physician’s name and clinical information, such as date visits and diagnosis/conditions. Some instances may have involved the insurance group and subscriber/policy numbers.

Become A Member

Mainstreet does not have a paywall, but pavement-pounding journalism is not free. Join your neighbors who make this vital work possible.

The release indicates that no Social Security numbers were involved.

After discovering what occurred, Shands started investigating what information had been breached and terminated the employee’s access to all medical records and other information systems.

Shands said it engaged a data breach recovery expert and has reached out to all affected patients and regulatory officials regarding the incident. At this time, Shands doesn’t believe the information was used or disclosed by the employee but is offering free identity theft protection services, including credit monitoring, to all patients potentially involved.

Shands has provided a dedicated toll-free number at 1-833-903-3648 with voice response and live agents to assist from 9 a.m. to 9 p.m. EST, Monday through Friday, for patients who did not receive a notification letter and would like to know if their information was affected.  

Notify of
1 Comment
Newest Most Voted
Inline Feedbacks
View all comments

Was the employee terminated and also the person responsible for allowing the employee to have access? This is exactly why the electronic records requirements in Obama care are such a disaster, and exactly why government-controlled healthcare is a terrible idea.