The Florida Department of Health has recently issued a notice revealing a severe data breach orchestrated by the ransomware group RansomHub. The breach, which was discovered on June 26, 2024, led to the theft of 100 gigabytes of sensitive information. This includes a wide array of personal data such as names, Social Security numbers, banking information, and other vital details. The compromised data primarily affects the department’s vital statistics system, which is responsible for issuing essential documents like birth and death certificates.
RansomHub, which first claimed responsibility for the breach in early July, asserted that it had published the stolen data on the dark web. The group’s declaration of having released 100 gigabytes of stolen data on its dark web site has caused considerable concern, given the breadth of the compromised information. The department confirmed that the breach affected a critical system used for maintaining essential records, though it initially refrained from providing further specifics about the extent of the damage.
In the wake of the breach, the Florida Department of Health has taken immediate action to secure its network infrastructure. The department promptly shut down the affected systems and has been working with cybersecurity experts to identify and address vulnerabilities. Enhanced security measures have been put in place to prevent any further unauthorized access. Additionally, the breach has been reported to law enforcement agencies, including the U.S. Department of Health and Human Services, although the incident had not yet appeared on the Office for Civil Rights’ HIPAA Breach Reporting Tool at the time of the report.
The involvement of RansomHub, a notorious ransomware group with a history of high-impact attacks, highlights the growing threat landscape for organizations handling sensitive data. RansomHub has previously targeted entities such as American Clinical Solutions and Rite Aid, showcasing their capability to execute large-scale data thefts. This breach emphasizes the critical need for robust cybersecurity practices and vigilant monitoring to protect against sophisticated cyber threats and safeguard sensitive personal information from malicious actors.
Reference:
