Hackingblogs: On July 1, reports spread on social media that cybercriminals RansomHub had gained access to the vital statistics system of Florida Department Of Health . If the state did not pay an amount of money by last Friday, the hackers threatened to post health department data on the dark web.
TAMPA, Florida:
The Tampa Bay Times says that thousands of files, including doctor’s notes, vaccination and virus test records, and HIV test results for Floridians, were made public on the dark web last week. It occurred following the takeover of state health department files by hackers.
Damage On Florida Health
Sensitive data, including test results and COVID-19 diagnoses, was exposed in over 20,000 files that were uploaded. The complete names, dates of birth, addresses, Social Security numbers, and insurance details of several patients from 2023 and 2024 are included in the documents.
Officials from the Florida Department of Health promised to notify patients whose personal data was improperly disclosed. It seems that this is among the worst data breaches that Florida has ever experienced.
Threat Actor
The worldwide hacker community RansomHub was responsible for the cyberattack and requested payment from the authorities in an amount not yet disclosed in order to keep the documents from being made public. The files were made available on the dark web by RansomHub late last week, and the state has a policy of not paying ransoms.
In response to questions from the Times/Herald regarding the hacking, a Department of Health representative last week stated that there had been “a potential cyber incident” at the state’s online Vital Statistics system, which is used to issue birth and death certificates. The spokesman took more than three days to answer. The inability of that mechanism to function keeps Floridians who must bury or cremate loved ones frustrated.
Hospitals and health departments use three labs in Jacksonville, Tampa, and Miami to perform tests, including ones for infectious diseases like COVID-19, hepatitis, and HIV.
Names and, in some cases, private information written by medical professionals—such as the identity of a patient who presented to a South Florida hospital with several symptoms—are included in the files. The data contain some individuals who tested positive or negative for COVID-19, rabies, dengue disease, salmonella, and hepatitis.
Regarding people, DataBreaches observed:
Files pertaining to services, such as scheduling logs for chest x-rays for 2023 and the first half of 2024 (until mid-June 2024). Thousands of records including first and last name, date of birth, appointment date, appointment location (which facility), and date results were obtained were found in the logs for 2023 and 2024.
Employees’ medical histories, details about their treatments, and specifics about their accidents and injuries are all included in workers’ compensation records. One person’s 2004 scanned file, which contained 63 pages and all of their personal data—including name, date of birth, address, phone number, full Social Security number, marital status, doctor’s name, health insurance information, etc.—gives an idea of the depth of the details;
scanned passport photos; Written prescriptions for certain patients filled-out Florida Healthy Start Programme applications for children containing the parents’ demographic data, such as Social Security numbers and the anticipated date of delivery;
“Any affected parties will be notified as a comprehensive assessment of the situation is completed,”
Department of Health spokesperson Jae Williams said in a statement.