Ransomware Attack Hits Florida Department of Health

A significant cybersecurity incident has hit the Florida Department of Health (DOH), with the ransomware group known as RansomHub claiming responsibility. The group has allegedly stolen over 100 gigabytes of sensitive data, which includes both personally identifiable information (PII) and protected health information (PHI). The cybercriminals added the agency to their Tor-based leak site on July 2 and began publishing the data after the DOH missed a ransom payment deadline.

The Impact of the Breach

The stolen data reportedly includes a wide range of sensitive information such as service-related files, employee records, passport scans, prescriptions, health program applications, screening results, family planning forms, dental services data, and various correspondences. The compromised PII and PHI might include names, addresses, phone numbers, dates of birth, Social Security numbers, appointment details, health insurance information, medical record numbers, and health policy numbers.

Legal Constraints and Consequences

Under Florida law, government entities are prohibited from making ransom payments, which meant the Florida DOH could not comply with the ransom demand. This legal constraint is in place to discourage the payment of ransoms, as it can perpetuate the cycle of cybercrime. The missed deadline led RansomHub to begin leaking the stolen information over the weekend.

The attack has had a significant impact on the operations of the Florida DOH. Among the disrupted services is the department’s online system for issuing birth and death certificates. This disruption has forced funeral directors to manually complete and deliver death certificates, complicating the process for families needing to obtain burial permits, social security, veteran’s or retirement benefits, probate estates, or make insurance claims.

Broader Implications

The Florida DOH oversees a wide range of health services across the state, including 67 county health departments, children’s medical services area offices, medical quality assurance regional offices, disability determination regional offices, and public health labs. The cyberattack has therefore impacted a vast network of health-related operations and services.

Historical Context

RansomHub is not new to targeting healthcare organizations. Earlier this year, the group was involved in the aftermath of a ransomware attack on Change Healthcare. Initially, the cybercrime group BlackCat carried out the attack, but after internal conflicts, RansomHub claimed to have access to the stolen data, demonstrating their persistent threat to the healthcare sector.

This ransomware attack on the Florida Department of Health emphasizes the growing threat that cybercriminals pose to critical public health infrastructure. As government entities are legally restricted from paying ransoms, the focus must shift to strengthening cybersecurity measures and ensuring robust incident response plans are in place to mitigate the impact of such attacks in the future.