Florida Senator Urges FBI to Prioritize Investigation of Tampa General Hospital Cyberattack
Senator Rick Scott (R-FL) has written to FBI Director Christopher Wray requesting the law enforcement agency prioritize the investigation of a major cyberattack on Tampa General Hospital (TGH) that involved the medical records of more than 1.2 million people and bring the perpetrators behind the cyberattack to justice.
The attack in question was discovered by TGH administrators on May 31, 2023, with the forensic investigation determining that hackers had access to its network for 18 days, having gained initial access to its network on May 12, 2023. The attackers attempted to encrypt files; however, TGH was able to prevent encryption but could not prevent the exposure of patient data. The compromised systems contained names, addresses, dates of birth, Social Security numbers, medical record numbers, health insurance information, and more.
While the cyberattack is significant due to the amount of exposed data, it is far from the only such attack on a U.S. healthcare provider in recent years. Senator Scott cites a ransomware attack on Scripps Health in California in 2021 in which hackers stole 150,000 patient records, the attack on CommonSpirit Health in 2022 that affected many critical healthcare services across the United States, and the attack on St. Margaret’s Health in Illinois which disrupted the hospital’s billing systems and contributed to the permanent closure of the hospital. In addition to causing financial harm to healthcare providers and threatening patient safety, the data stolen in these attacks can be used for further criminal activity causing financial harm to patients.
If the threat actors behind these attacks are not identified, arrested, and prosecuted, they will continue to conduct attacks that threaten patient safety, cause considerable financial harm, and it is inevitable that other healthcare facilities will be forced to close. “I urge you to assign all necessary resources at your disposal to prioritize the investigation of this incident and ask that you keep my office apprised of your progress,” said Senator Scott.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Many of these attacks are conducted by threat groups operating out of China, Russia, and North Korea, which do not have extradition treaties with the United States and that makes it difficult to bring the perpetrators to justice. Senator Scott said these attacks pose a clear and present threat to critical health systems and has requested answers from Wray on the actions being taken to counter these threats, such as how the FBI is coordinating with health systems to prevent cyberattacks, what the FBI is doing to coordinate investigations of healthcare cyberattacks, whether the FBI believes that the majority of the threat actors behind these attacks are operating from outside the United States, and if so, the countries where these cyberattacks are originating. Senator Scott also asked whether the FBI has sufficient resources to fully investigate these attacks and pursue the perpetrators and whether additional resources and authorities are needed.
