Hackers are now claiming to have published 100 gigabytes of data.
What happened
Last week, the Tampa Bay Times reported that ransomware gang, The RansomHub had breached Florida’s Department of Health.
The group has been linked to BlackCat, an organization that gained notoriety for its massive attack on Change Healthcare.
RansomHub has claimed to have 100 gigabytes of department data. Currently, the Department of Health press secretary Jae Williams confirmed that the attack impacted the department’s Vital Statistics system, which is used to issue birth and death certificates. Despite the breach, the department was able to quickly regain normal operations. It’s believed other systems were likely impacted as well.
In a statement, Williams said, “The Department is coordinating with law enforcement and all relevant stakeholders.” The department will notify impacted individuals once their investigation is completed.
RansomHub demanded a payment of an unspecified amount to have the data deleted. While organizations are never recommended to pay ransoms, Florida also has a specific law against it.
What’s new
After the attack, RansomHub allegedly gave the Health Department several days to pay the ransom, but they refused.
Since then, reports have revealed that RansomHub has posted a link to the stolen data on the dark web. Posted with the data is a statement reading, “The Florida Department of Health is responsible for protecting the public health and safety of the residents and visitors to the state of Florida,” alongside other general information about the department.
Data leaked reportedly includes service-related files (such as logs of x-rays), workers' compensation records, scanned images of passports, prescription information, and other personally identifiable information like names, addresses, and Social Security numbers.
What’s next
According to threat analyst Brett Callow, “There’s no particular reason to doubt that RansomHub does have at least some of the data it claims.” Even if RansomHub has data, cybercriminals sometimes overstate the amount of data they stole in an attempt to receive payment.
With some data now on the dark web, it will likely be sold, copied, and potentially used by malicious actors.
Most of the stolen files were originally hand-written notes and forms, meaning that the investigation process may take longer than normal. Once the investigation is complete, impacted individuals will begin receiving notice. At that time, we will have a better understanding of how many individuals were impacted.
The big picture
In the last three years alone, it’s estimated that more than 10 million Florida residents have had their data exposed due to breaches at state agencies. In an effort to prevent future attacks, Governor Ron DeSantis formed a new cybersecurity agency at the beginning of his term. The agency faced significant backlash surrounding DeSantis’ hiring choices. Now, many of the state’s leading experts have quit and there is no Chief Information Officer.
Attacks in Florida highlight the need for cybersecurity experts. With many state agencies targeted, the events suggest that new policies and technology may be needed to combat evolving and increasing cyber threats.
Related: HIPAA Compliant Email: The Definitive Guide.
Abby Grifno
