The personal health information of about 1,000 patients at health centers in Palm Beach County, Fla., has been compromised.
Federal law enforcement officials told the Florida Department of Health in Palm Beach County they had obtained a list of likely patients of the county's health clinics. The information included names, dates of birth, Social Security, Medicaid, phone and medical record numbers, according to a news release.
But how the list was compiled or what its holders planned to do with the information is unknown to local health officials.
"The feds obtained this list. We don't know how," said Tim O'Connor, spokesman for the agency, which was asked to cross check the list and determine whether the information belonged to their patients. "And it turned out to be our patients,” he said.
Florida has a statewide electronic health record system for its public health clinic network operated in each of its 67 counties, O'Conner said, but it's unclear whether the EHR has been hacked.
Palm Beach County operates seven clinics that provided care to 60,000 discrete clients last year, he said.
County authorities were notified about the breach in mid-February. Mailings were sent out last week, notifying the affected patients and providing them with information on how to obtain and review their credit histories and to report suspicious activities to law enforcement.
In 2012, Florida police stopped income tax fraud activity that would have obtained similar data sets from elderly patients.
That same year, the Palm Beach County Health Department caught an employee attempting to mail via UPS a handwritten list of identifiable information on about 80 patients.
Two people were arrested, O'Conner said. Their intended targets were young people with low incomes who would use a 1040 EZ tax return, he said.