Cyber Incident Victim: Florida Department of Health
Date:
Jun 2024
Location:
United States of America
Summary
The Florida Department of Health experienced a ransomware attack claimed by the RansomHub group, which threatened to release 100 gigabytes of potentially sensitive data—including COVID-19 vaccine records, prescription information, and medical marijuana patient details—unless an undisclosed ransom was paid. The breach disrupted the agency's Vital Statistics system, temporarily halting birth and death certificate issuance through tax collectors and funeral homes, though partial functionality was restored in some counties. The state, which maintains a policy against paying ransoms, is coordinating with law enforcement while assessing the incident's scope. This follows broader cybersecurity challenges within Florida's government, including prior breaches exposing millions of residents' personal information and significant leadership turnover in its cybersecurity infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In early June 2024, the RansomHub ransomware group claimed responsibility for a cyberattack against the Florida Department of Health, announcing on the dark web that it had exfiltrated approximately 100 gigabytes of data from the agency. The group threatened to release the data unless an unspecified ransom was paid by a Friday deadline, though the exact nature of the compromised information remained unverified. The Department of Health confirmed a "potential cyber incident" affecting its online Vital Statistics system, which processes birth and death certificates statewide. This disruption caused operational paralysis at county tax collectors' offices and funeral homes, halting certificate issuance for multiple days starting in late May. By June 1, partial functionality had been restored in Pasco County, enabling limited certificate printing. The department stated it was coordinating with law enforcement and conducting a comprehensive assessment, pledging to notify affected parties once the investigation concluded.
The incident impacted critical public services while exposing systemic cybersecurity vulnerabilities within Florida's government infrastructure. The Department of Health manages highly sensitive records, including COVID-19 vaccine data, controlled substance prescriptions, and medical marijuana patient information, though RansomHub's specific access to these datasets was unconfirmed. Florida maintains a policy against paying ransomware demands, consistent with its response to prior breaches affecting over 10 million residents' personal data between 2021-2023. Cybersecurity challenges persist due to institutional instability, including the 2023 resignation of multiple top experts following Governor DeSantis' appointment of an unqualified political ally to lead the state's cybersecurity agency. This vacancy left Florida as one of the few states without a chief information officer during the attack. Historical breach reports filed with the attorney general's office indicate recurring exposures of Social Security numbers, driver's licenses, and birthdates, often requiring taxpayer-funded credit monitoring for victims.