DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Personal and health info leaked from Florida Department of Health

Posted on July 6, 2024July 7, 2024 by Dissent

As an update to the Florida Department of Health ransomware attack reported yesterday:

On July 2, threat actors known as Ransom Hub had claimed to have exfiltrated 100 GB of files from the state agency. They threatened to leak it if the state did not pay their demands, but Florida law prohibits state agencies from paying ransom.

DataBreaches cannot confirm whether Ransom Hub actually leaked 100 GB of files, but they did leak a lot of data  on their leak site, and a lot of it was personally identifiable information (PII) or protected health information (PHI).

The data in the tranche did not seem organized in any recognizable way, but there was a mix of internal files a state agency would store as well as specific patient-related files.  Hopefully, the state has combed through the data tranche carefully to figure out what state financial accounts or other accounts now have been leaked and need to be canceled or changed.

When it comes to individuals, DataBreaches noted:

  • Service-related files such as logs of chest x-ray scheduling logs for 2023 and the first half of 2024 (up to mid-June 2024). The 2023 and 2024 logs contained thousands of entries with first and last name, date of birth, date of appointment, location of appointment (which facility), and date that the results were received;
  • Workers Compensation records with detailed information on employees, their accidents and injuries, and their treatment history and notes. As an indication of the depth of the details, one person’s scanned file from 2004 was 63 pages and included all demographic information such as name, date of birth, address, phone number, full Social Security number, marital status, physician name, health insurance information, etc.;
  • Scanned images of passports;
  • Prescriptions written for named patients
  • Completed applications for Florida’s Healthy Start Program for kids with parents’ demographic information, including Social Security Numbers and expected date of delivery;
  • Mammography screening results for named patients with their medical record number, date of birth, date of screening, location of screening, and findings. DataBreaches also noted corresponding completed health insurance claim forms;
  • Completed family planning forms about provider encounters, including medical record number, name, postal and email addresses, phone number, date of birth, net income, type of birth control in use, health insurance carrier, and policy number;
  • Referrals for named patients for dental services;
  • Miscellaneous correspondence to individuals concerning personal information;

and more.

DataBreaches notes that the data breach review will likely be time-consuming because many of the scanned files are images of handwritten notes and forms. They will need to be reviewed manually to determine who needs to be notified and what types of information were involved for the individual.  DataBreaches has not attempted to verify that all of the data is real but from superficial inspection and using Google to try to locate people with names and relative ages matching information in the sample, this site could find people with names that matched those found in files this site viewed, and where pictures were available, the individuals appeared to be of an age corresponding to year of birth or near to that.

See News4Jax for an explanation of how the attack has affected people’s lives.

 

 

 

Category: Government SectorHealth DataU.S.

Post navigation

← SouthCoast Medical Group and Privia Medical Group notify patients of June 2023 cyberattack
In: KEM staffers make paper plates out of patient reports; notice issued →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms
  • Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • Privilege Under Fire: Protecting Forensic Reports in the Wake of a Data Breach
  • Hacker who breached communications app used by Trump aide stole data from across US government
  • Massachusetts hacker to plead guilty to PowerSchool data breach (1)
  • Cyberattack brings down Kettering Health phone lines, MyChart patient portal access (1)
  • Gujarat ATS arrests 18-year-old for cyberattacks during Operation Sindoor
  • Hackers Nab 15 Years of UK Legal Aid Applicant Data
  • Supplier to major UK supermarkets Aldi, Tesco & Sainsbury’s hit by cyber attack with ransom demand

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy
  • Massachusetts Senate Committee Approves Robust Comprehensive Privacy Law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.