Hackers this week leaked over 20,000 Florida Department of Health (DOH) files containing sensitive personal information, including HIV test results, immunization records and more, according to The Tampa Bay Times.

 

The hacker group RansomHub targeted DOH, which is said to be working with law enforcement and taking additional action to protect Floridians’ personal information. DOH officials said they would notify those whose personal information was illegally released, in accordance with state law.

 

According to the Tampa Bay Times, RansomHub demanded that the state pay an undisclosed ransom amount to avert the leak. Per state policy, DOH did not pay the ransom, and so the group posted the files, including patients’ lab results, signed medical release forms, workers compensation records and COVID-19 diagnoses, on the dark web.

 

Many records contained patients’ full names, date of birth, insurance information, Social Security numbers and more. However, much of the information leaked, including expense reports, contracts and employee time-off request sheets, might be considered public record under state law.

 

The state’s online Vital Statistics system, which issues birth and death certificates, is temporarily shut down to avoid additional hacks.

 

DOH spokesperson Jae Williams said the breach was part of a national wave of cyberattacks targeting health care providers. This week, RansomHub claimed to have also stolen data from the pharmacy chain Rite Aid.

 

According to The Tampa Bay Times, more than 10 million Floridians have been exposed to hackers as a result of breaches at state agencies in the last three years. Most victims are offered credit monitoring services by the state.

 

Williams advises health care providers “to stay attentive to alerts from the department and follow those best practices disseminated to secure data.”