The Florida Department of Health (DOH) has confirmed that it was targeted by the ransomware group RansomHub. The hackers have reportedly exfiltrated and published 100 gigabytes of sensitive data on the dark web after the state refused to pay the demanded ransom.
The cyberattack, which disrupted the DOH’s ability to issue birth and death certificates, began with a ransomware infiltration that encrypted critical data within the department’s systems. According to RansomHub, the stolen data includes a wide range of sensitive information, including HIV diagnoses and other patient records.
Over 20,000 files containing highly sensitive information about Floridians have been leaked online. These files include lab results, signed medical release forms, workers’ compensation records, and COVID-19 diagnoses. One file contains a photo of a person’s passport, while another reveals a woman’s negative mammogram result.
The majority of these records, dated from 2023 and 2024, contain detailed personal information such as patients’ full names, dates of birth, addresses, Social Security numbers, and insurance details. This breach exposes individuals to significant risks of identity theft and privacy violations.
In response to the breach, the Florida Department of Health has confirmed that it was indeed the target of a criminal hacking group and has begun notifying patients whose personal information has been compromised. DOH officials are working with cybersecurity experts to assess the full extent of the damage and to enhance the department’s security protocols to prevent future incidents.
The publication of this data on the dark web poses severe risks to the affected individuals, as the exposed information could lead to identity theft, financial fraud, and further personal and professional harm. This breach highlights the growing threat of ransomware attacks on public institutions and the critical need for robust cybersecurity measures.
Governor Ron DeSantis and state officials have condemned the attack and emphasized their commitment to protecting citizens’ data. While efforts are underway to contain the damage and recover from the breach, the incident underscores the importance of preparedness and proactive measures in cybersecurity.
The ransomware attack on the Florida Department of Health and the subsequent release of sensitive data on the dark web serve as a stark reminder of the vulnerabilities that public institutions face in the digital age. As the state works to mitigate the fallout, this event calls for heightened awareness and improved defenses against cyber threats.
![Image: [image credit]](/wp-content/themes/yootheme/cache/28/dreamstime_xxl_42482823-scaled-28ae5ec4.jpeg)
