Hillsborough County officials have revealed that more than 70,000 people will receive letters warning them about a potential risk to their personal information after a global data breach. The breach involved the MOVEit file transfer tool, a HIPAA-compliant third-party file transfer service provider.
The county’s cybersecurity team swiftly responded to the breach, installing security patches and continuing to work on additional measures to address the issue.
Upon learning about the breach on June 18, the cybersecurity team and Hillsborough’s HIPAA officer reviewed affected files and found that data from the Healthcare Services and Aging Services departments may have been impacted.
These files could have contained sensitive health and personal information, including names, social security numbers, dates of birth, addresses, medical conditions, diagnoses, and disability codes. While Hillsborough County was not the specific target of the cyberattack, it was potentially affected as a MOVEit customer.
The breach may also have impacted Aging Services vendor employees, and the county officials have notified 12 vendors to inform their employees about the potential exposure of their information. Notification letters have been sent to 70,636 individuals, including clients of Healthcare services and vendors of aging services, who are known to be affected.
Officials urge anyone who receives a notification to place a fraud alert on their credit report by calling toll-free numbers of major credit bureaus, Equifax, Experian, and TransUnion, while also offering a toll-free helpline for any questions or concerns.
