TALLAHASSEE — A hacker group claims it breached the Florida Department of Health and gained access to a large amount of potentially sensitive data on Florida citizens.

The RansomHub ransomware group has said in a post on the dark web that it will release 100 gigabytes of department data unless the state pays an undisclosed sum. The database of all state payments to contractors in a year takes up about 0.1 gigabytes.

It’s unclear what kind of information the group has, or even if it has any. A spokeswoman for the department, which reports to Gov. Ron DeSantis, confirmed Wednesday that the department experienced “a potential cyber incident.” The Times/Herald has asked the state since Friday about the hack.

The Department of Health holds some of the state’s most sensitive information, including individuals’ COVID-19 vaccine records, controlled substance prescriptions and medical marijuana patient data.

The hacking group, which targeted Christie’s auction house earlier this year, is giving the state until Friday to pay to recover the data, according to its site on the dark web. The dark web is a subset of the Internet that people and groups use to hide their locations and identities.

The Florida government has a policy of not paying for ransomware.

Health Department Press Secretary Jae Williams would only confirm that the attack affected the state’s online vital statistics system, which is used to issue birth and death certificates.

The Times/Herald reported Tuesday that state tax collectors’ offices and funeral homes have been unable to issue birth and death certificates since last week, when the health department’s online system went down.

But as of Wednesday, at least two Pasco County health offices have regained the ability to print birth and death certificates, Pasco Tax Collector Mike Fasano said.

“The department is coordinating with law enforcement and all relevant stakeholders,” Williams said in a statement, adding that any affected parties “should be notified once a comprehensive review of the situation has been completed.” Will.”

While state and local governments across the country struggle to deal with the growing number of ransomware attacks, Florida’s state government faces unique challenges.

After DeSantis created a new cybersecurity agency for state government, he appointed a former state lawmaker with no training on the subject to lead it.

The hiring resulted in the resignation of the state’s top cybersecurity expert. Today, Florida is one of the only states in the nation without a Chief Information Officer.

According to annual reports filed by the attorney general’s office, in the past three years, information on more than 10 million Floridians – roughly half the state’s population – was exposed to hackers during breaches at state agencies. has come

The reports did not specify which state institutions were targeted. But in many cases, the state paid for credit monitoring services for Floridians whose personal information was released. In some cases, the information disclosed included Social Security numbers, driver’s license numbers and dates of birth.

The Florida Department of Health oversees the state’s 67 county health departments and licenses doctors, nurses and dozens of other health-related professions.

The department is led by Surgeon General Joseph Ladapo, who has supported deSantis’ efforts to combat the Covid-19 vaccine and was condemned by public health officials this year for telling parents that measles It is okay to send unvaccinated children to school during an outbreak.

Times staff writer Christopher Spata contributed to this report.

Source link