FPS Medical Center notified, on 2 May 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting  28,024 individuals. In particular, FPS Medical Center stated that it had first identified the incident on 3 March 2022, and that it had immediately proceeded to launch an investigation to determine the scope of the event.

In light of the investigation, FPS Medical Center explained that its systems had become encrypted with malware and, as such, had been accessible to an unknown actor between 28 February 2022 and 3 March 2022. Additionally, FPS Medical Center noted that, although there is no indication that any information was misused as a result of this incident, patient information present in the impacted systems during the event included: full names, addresses, dates of birth, driver's licences, medical information, health insurance information, and social security numbers.

Lastly, FPS Medical Center noted that, upon discovery of the incident, it had immediately taken steps to restore its operations, to secure its systems, and to review its policies and procedures to further reduce the risk of recurrence. In addition, FPS Medical Center stated that it had established a dedicated toll-free assistance line to answer questions relating to this incident.

You can read the notice here and access details on the OCR portal here.