Hacking group RansomHub claimed this week to have stolen and released 100 gigabytes of sensitive data from the Florida Department of Health after the agency failed to meet its ransom demands.
According to a post by X on July 1st: HackmanackRansomHub, a company that tracks cyberattacks, threatened to make stolen health department data public by posting it on the dark web if the state doesn’t pay an undisclosed amount by Friday.
The State of Florida, following Cybersecurity and Infrastructure Security Agency guidelines, has a policy of not paying ransom demands because paying does not guarantee that an organization will regain access to its data or be able to resume normal operations.
With the deadline passing, RansomHub published a link to the stolen data on its account, along with the following message: “The Florida Department of Health is responsible for protecting the public health and safety of Florida residents and visitors. It is a cabinet-level agency in state government, led by the State Surgeon General who reports to the Governor. The Department is headquartered in Tallahassee.”
The Florida Department of Health did not respond to a request for comment.
“We have no particular reason to doubt that RansomHub actually has at least some of the data it claims,” Brett Callow, a threat analyst at software company Emsisoft, told StateScoop in an email. “The Department of Defense has acknowledged that there was a cybersecurity incident, and RansomHub is a known bad actor that has claimed responsibility for that incident.”
The ransomware attack and subsequent data breach is the latest in a series to hit government organizations in recent months: 2,207 U.S. hospitals, schools and government agencies were affected by ransomware attacks last year, according to Emsisoft.
The Florida Department of Health, like many other public health agencies, holds confidential information about state residents, including medical records, Social Security numbers, and health insurance information. The department oversees the state’s 67 county health departments and issues licenses to doctors, nurses, and other health care professionals.
“The U.S. healthcare sector continues to be targeted by for-profit cybercriminals, with up to 200 hospitals directly affected by ransomware attacks and many more indirectly affected by the attack on Change Healthcare,” Callow wrote. “This is an issue that puts people’s personal information at risk, and even worse, their lives.”
In February, the new state budget for fiscal year 2025, obtained by StateScoop, proposed returning $40 million, part of Florida’s local government cybersecurity grants, to the state’s general fund.
Cyberattacks against state and local governments in Florida have been frequent. In October of last year, the hacker group Black Cat launched a ransomware attack on the state’s court system, and in September a phishing attack occurred in Fort Lauderdale that resulted in the theft of $1.2 million.
Meanwhile, cyberattacks have hit other state government agencies: On Wednesday, the New Mexico public defender’s office was also hit by a ransomware attack, compromising its data, and on the same day, the Alabama Department of Education announced it was targeted in a cyberattack last month, and that while hackers were not able to fully access or lock down the department’s systems, some data had been compromised.