According to the county, the data breach involved the MOVEit file transfer tool, which is a HIPAA-compliant third-party file transfer service provider. Hillsborough County's cybersecurity staff was notified of the breach on June 1 and contacted the company.
They said cybersecurity staff installed and updated security patches water getting further instructions from the vendor and have continued to work on additional security patches over the following two weeks.
Hillsborough Cybersecurity team then learned on June 18 that county files could have been impacted by the global breach. The team along with Hillsborough's HIPAA officer reviewed affected files and found that the ones impacted came from the Healthcare Services and Aging Services departments.
Officials said the files could have contained protected health and personal information, including first and last names, social security numbers, dates of birth, home addresses, medical conditions and diagnoses and disability codes.
While Hillsborough County wasn't specifically targeted in the cyberattack, officials said the county was potentially impacted as a MOVEit customer.
The breach could have also impacted Aging Services vendor employees, and officials said they've notified 12 vendors, so they can notify employees whose information may have been exposed by the breach.
Hillsborough County said they've mailed notification letters to 70,636 people who are clients of Healthcare services and vendors of aging services who they know were impacted.
Officials are urging anyone notified that they may have been impacted to call toll-free numbers of one of the three major credit bureaus to place a fraud alert on your credit report. The three credit bureaus are Equifax, Experian and TransUnion. Here are the toll-free numbers to reach them:
- Equifax – 1-866-640-2273
- Experian – 1-888-EXPERIAN (397-3742)
- TransUnion – 1-800-680-7289
Anyone with questions can also reach Hillsborough County at the toll-free number 1-833-963-4357 between 8 a.m. and 5 p.m. Monday-Friday.