Cyber Incident Victim: UF Health Central Florida

Date: May 2021

Location: United States of America

Summary

UF Health Central Florida experienced a cyberattack involving unusual server activity, prompting the suspension of network access and email systems to mitigate risks. The incident affected two hospitals, forcing staff to rely on backup procedures including manual documentation methods while continuing patient care operations. IT teams collaborated with experts from other campuses to investigate and secure data, with no evidence of impact beyond the Central Florida division. The attack occurred amid heightened national attention on ransomware threats targeting critical infrastructure.


Description

On the night of May 31, 2021, UF Health Central Florida detected unusual activity involving its computer servers, prompting an immediate response from its information technology team. The organization proactively shut down portions of its network infrastructure to contain potential risks, suspending access to critical systems including email services across two affected hospitals—UF Health The Villages Hospital and UF Health Leesburg Hospital. This disruption forced staff to revert to manual backup procedures using pen and paper for clinical and administrative operations. UF Health Central Florida collaborated with IT experts from its Gainesville and Jacksonville campuses to investigate the incident and implement security measures, though no evidence suggested those additional locations were compromised. While UF Health did not publicly confirm the attack’s nature, external reports from Villages-News characterized it as a ransomware incident. Despite the operational challenges, both hospitals maintained patient care services without interruption. The organization emphasized its focus on ensuring data and network security throughout the response, leveraging existing contingency protocols to mitigate service impacts.

The incident occurred amid heightened awareness of ransomware threats targeting critical infrastructure, following high-profile attacks on Colonial Pipeline in May 2021 and JBS in early June. These events underscored the disruptive potential of ransomware on essential services, prompting the U.S. government to elevate such threats to a priority level comparable to terrorism. White House officials indicated plans to address ransomware operations—many suspected to originate from Russia—during President Biden’s upcoming summit with Russian President Vladimir Putin. UF Health’s experience reflected broader sector vulnerabilities, though specific threat actors, data compromise details, or ransom demands remained unconfirmed in available reports. The organization’s containment strategy prioritized system isolation and backup activation while maintaining healthcare delivery, aligning with industry practices during such crises.
