Cyber Incident Victim: Florida Department of Juvenile Justice
Date:
Mar 2024
Location:
United States of America
Summary
A cyberattack compromised the Florida Department of Juvenile Justice's information system, prompting a proactive shutdown of the network to protect sensitive data including juvenile health records, risk assessments, and service plans. While agency employees regained access during phased restoration efforts, external contractors providing critical youth services remained unable to use the system for over three months, forcing manual documentation on paper. A state senator acknowledged the agency's rapid protective actions but noted broader concerns about recovery timelines. The incident coincided with a separate ransomware attack on another state health system, though no direct linkage was established between the two breaches.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 29, 2024, the Florida Department of Juvenile Justice (DJJ) detected a potential cybersecurity incident affecting its Juvenile Justice Information System (JJIS), a critical operational backbone containing detailed records on minors under state supervision. The system housed sensitive data including health records, risk assessments, mental health service referrals, and individualized service plans. In response, DJJ proactively took JJIS offline as a precautionary containment measure, following standard incident response protocols. While the agency restored system access for its own employees during the subsequent recovery phase, external contractors—who deliver the majority of direct services to at-risk youth—remained locked out of JJIS for over three months. Service providers resorted to manual paper documentation for case management during the prolonged outage, creating operational inefficiencies in delivering interventions. DJJ spokesperson Amanda Slama confirmed a phased restoration approach prioritizing security validation, with contractor access planned for imminent reactivation as of early July 2024. The incident occurred independently of but temporally proximate to a separate July 2024 ransomware attack on the Florida Department of Health’s Vital Statistics system by threat actor RansomHub, which disrupted birth/death certificate processing statewide.
The JJIS compromise triggered significant service delivery challenges, as contractors lacked access to centralized records needed for coordinated care of juvenile clients. Senator Jennifer Bradley acknowledged DJJ’s rapid system isolation to protect sensitive data but noted broad stakeholder desire for faster recovery timelines. Concurrently, the unrelated Department of Health cyberattack exacerbated public service disruptions, forcing funeral homes and families to navigate offline death certificate procedures while health officials coordinated manual birth registrations for infants born after June 28. Florida’s statutory prohibition on ransom payments complicated the Health Department incident response, as RansomHub threatened dark web publication of stolen data absent payment by July 5. State Surgeon General Joseph Ladapo emphasized continuous restoration efforts for Vital Statistics systems, while county health departments implemented contingency measures to issue pre-June 28 birth certificates. Both incidents highlighted systemic vulnerabilities in critical state infrastructure, with cybersecurity expert Aaron Ward criticizing the three-month JJIS contractor access outage as excessively prolonged despite DJJ’s adherence to phased recovery protocols.