Florida Agency for Persons with Disabilities Hit by Phishing Attack Reported by

by | Jun 20, 2018

A phishing attack has been experienced by the Florida Agency for Persons with Disabilities (FAPD), which provides support services for people with disabilities such as autism, cerebral palsy, spina bifida, and Downs syndrome.

The phishing attack took place on April 10, 2018 and was restricted to a single email account; however, that account included the PHI of 1,951 customers or guardians.

While no proof was found to suggest any PHI was seen or copied by the attacker, PHI access could not be ruled out with 100% certainty. The compromised email account included information such as names, birth dates, addresses, telephone numbers, health information, and Social Security details.

All clients have now been alerted of the breach and have been offered free credit monitoring services for 12 months.

Three days after the attack occurred, FAPD adapted a security upgrade to stop unauthorized people from accessing its email system and further training on email security protocols was supplied.

This is not the first phishing attack to be experienced by the agency this year. In February, a more extensive phishing attack happened that resulted in multiple email accounts being accessed. That phishing attack impacted more than 55,000 customers, whose names, birth dates, and Social Security numbers were potentially accessed.

In October 2004, the Agency for Persons with Disabilities (APD) was established as an agency separate from the Department of Children and Families, specifically charged with serving the needs of Floridians with developmental disabilities. Before it was set up, it operated as the Developmental Disabilities Program. The agency is was set up under the auspices by Chapter 20, Chapter 393, and Chapter 916 of the Florida Statutes. The APD works with with local communities and private suppliers to help people who have developmental disabilities and their families. APD also gives help in identifying the needs of people with developmental disabilities for supports and facilities.

After the phishing attach in February, FAPD said it had adapted multi-factor authentication to stop unauthorized accessing of its email accounts and supplied additional training for staff members on email security measures.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy