Cyber Incident Victim: Florida Agency for Healthcare Administration
Date: Mar 2020
Location: United States of America
Summary
Florida state servers were compromised by overseas hackers who embedded malicious code into SolarWinds networking software, impacting the Agency for Healthcare Administration and other state entities. The breach affected systems managing the state's Medicaid program, prompting an investigation by officials who confirmed unauthorized access but did not disclose specific operational consequences or data exfiltrated.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 19, 2020, Florida officials publicly acknowledged a cybersecurity incident involving unauthorized access to state servers. The compromise was attributed to overseas hackers who exploited vulnerabilities by embedding malicious code into networking software provided by SolarWinds, a Texas-based technology company. Two anonymous state officials with direct knowledge confirmed the breach impacted systems operated by the Florida Agency for Healthcare Administration (AHCA), the entity responsible for administering the state’s Medicaid program. While the full scope remained under investigation, the officials indicated other unspecified state agencies were also affected. The attackers leveraged SolarWinds software as an initial intrusion vector, though technical specifics of the malicious code deployment were not disclosed. Florida initiated an internal investigation upon detecting the compromise, though the exact timeline of initial intrusion versus discovery remained unclear from available information. No immediate evidence suggested public exposure of Medicaid beneficiary data or healthcare records at the time of disclosure.

The incident prompted Florida authorities to launch a formal investigation focused on determining the extent of system infiltration and data access. State officials restricted public commentary, citing the ongoing nature of the inquiry and operational security concerns. The Agency for Healthcare Administration’s involvement raised particular concerns due to its management of sensitive healthcare enrollment and payment systems, though officials did not confirm whether Medicaid operations or beneficiary information were directly compromised. No ransomware deployment, data destruction, or explicit ransom demands were reported in connection with the breach. The state’s response prioritized containment and forensic analysis, though specific remediation measures such as system isolation, credential resets, or software patches were not detailed in public statements. Federal law enforcement agencies were likely involved given the attribution to foreign actors and SolarWinds’ status as a federally designated critical infrastructure vendor, though interagency coordination specifics remained unconfirmed.
