FLORIDA – Some data of HIV patients and other personal medical information could have been released in the ransomware attack against the Florida Department of Health earlier this month, according to a new report from the Tampa Bay Times.
On July 4, the News4JAX I-TEAM learned that FDOH’s vital statistics information was targeted by cybercriminals.
RELATED | Florida Department of Health cyberattack has caused problems for funeral homes
Last week, the ransomware gang that took responsibility for the cyberattack claimed it had published the stolen data on the dark web after the department missed the deadline to pay the ransom.
News4JAX asked FDOH about the number of patients impacted, who was notified, and the type of data involved.
Officials sent the following statement:
“The Florida Department of Health (Department) is working diligently with law enforcement and all relevant stakeholders in responding to one of multiple attacks perpetrated by criminal hacking organizations against several states in a nationwide and worldwide trend of cybersecurity attacks targeting health care organizations. The majority of Department systems and services remain operational with no disruptions. In an effort to protect the private data of Floridians, certain systems were proactively brought offline to strengthen security measures and bolster monitoring. The Department remains engaged in protecting data as the scope and extent of this attack is fully understood.
Any affected parties will be notified as a comprehensive assessment of the situation is completed. We encourage all FDOH healthcare providers to stay attentive to alerts from the Department and follow those best practices disseminated to secure data.
This incident has also been referred to FDLE for investigation, and criminal activity will be prosecuted to the fullest extent of the law.”
Jae Williams, Deputy Communications Director
The agency said the majority of the department’s systems were not impacted and other private data was brought offline to increase security.
Meanwhile, local advocacy groups for HIV and AIDS patients said they were aware of the possible release of sensitive data but did not want to comment on this matter.
According to the Florida Department of Health data, there are about 4,000 cases of HIV in the state recorded every year.
Any time data is leaked, state law of The 2023 Florida Statutes (including Special Session C) requires that the potential victims be notified, and states that the notice to an affected individual should be done by one of the following methods:
- Written notice sent to the mailing address of the individual in the records of the covered entity
- E-mail notice sent to the e-mail address of the individual in the records of the covered entity
No timeframe for the investigation has been provided. However, if caught, the hackers could face criminal charges.