In another cyberattack on a major healthcare system, hackers stole sensitive data from the state’s DOI.
In another major cyberattack, hackers state they’ve retrieved sensitive data from the Florida Department of Health (DOH). The attack, one of many in recent months, raises concerns about data security and compromised public health information (PHI). It follows on the heels of the Change Healthcare breach, which occurred in January. A leader in healthcare technology solutions, Change Healthcare’s cybersecurity breach had a devastating impact on the industry with the ripple effect still evident six months later. Hackers gained access to consumers’ sensitive data, including PHI, and many are left wondering if Florida’s issue will have the same far-reaching effects.
The DOH issue involves a ransomware attack during which the hackers encrypted important files, then demanded a fee from the state in order for officials to regain access. Reportedly, they were able to exploit a weak spot in the health department’s software applications, exposing the names, addresses, and protected health information of those who’ve sought DOH’s services.
In response, the Florida DOH has rolled out a plan to minimize the impact of the breach and investigate further. It has contracted with cybersecurity experts to assess the extent of the damage and determine how the hackers gained access in the first place. Law enforcement is also working alongside federal and state agencies to track down those responsible and recover the stolen data.
Florida Governor Ron DeSantis said, “We take this incident very seriously and are committed to protecting the personal information of all Floridians. We are working with experts to ensure that this type of attack does not happen again and to hold those responsible accountable.”
Consumers whose data may have been compromised are also being notified directly, and the department is offering resources for monitoring their credit reports and protecting against identity theft.
In addition to the Florida Department of Health and Change Healthcare, other large healthcare entities have experienced significant data breaches this year, including, but not limited to:
- CentroMed: A provider based in San Antonio, Texas, 400,000 individuals were impacted when cybercriminals accessed the company’s network, stole data, and demanded a ransom.
- Affiliated Dermatologists and Dermatologic Surgeons: 380,000 individuals were affected by this New Jersey-based company’s data breach.
- WebTPA: A health insurance and benefit plans provider, the Texas company reported the data of a whopping 2,518,533 individuals was recently exposed.
- Superior Air-Ground Ambulance Service: Data from 858,238 users was exposed when this Illinois ambulance provider was hacked.
- Numotion (United Seating and Mobility, L.L.C.): A provider of wheelchair and mobility equipment, 602,265 individuals were impacted by a recent ransomware attack.
- Henry Ford Health System: A system-wide breach exposed the information of more than 18,000 patients.
- Ascension: Ascension Health System experienced a major cyberattack this year that left the data of 6 million individuals exposed and disrupted access to essential EMR across its 140 hospitals nationwide.
Other well-known healthcare entities hit by cyberattacks so far this year include MCNA Dental, Welltok, PharMerica Corporation, Colorado Department of Health Care Policy & Financing, Regal Medical Group, CareSource, and Cerebral.
Industry leaders are warning that ransomware attacks like the one Florida DOH experienced are becoming more common, in general, as well as more complex. According to a report by Cybersecurity Ventures, in 2024 alone, these breaches are expected to cost businesses and government agencies over $30 billion, raising questions about why data has been so vulnerable and what actions are being taken to stop this concerning trend.
Sources:
Florida health department data captured in cyberattack, hackers claim
Join the conversation!