The Florida Department of Health has confirmed a major data breach that allowed hackers to access personal information, including names, Social Security numbers and medical records.
Floridians have begun receiving letters in the mail informing them of the June 26 cyberattack and the specific items that may have been compromised.
“The security breach of the agency's networks resulted in unauthorized access to personally identifiable information and/or protected health information, including but not limited to customers' names, birth dates, addresses, Social Security numbers, banking information, credit card information, driver's license numbers, passport numbers, military ID numbers, nexus numbers, medical and dental histories, medication/prescription information, provider/doctor/care coordinator names, insurance claims information, insurance coverage information and passwords,” the agency said in a statement Wednesday. “Personalized letters sent by the agency to each individual contain specific details regarding each individual's personal data that was affected.”
A known hacking group accessed the data and demanded a ransom, but the State of Florida has a policy of not paying ransoms to criminals who commit these types of crimes.
“No government agency or local government or government official in the state of Florida can afford to pay the ransom to the bad guys, so the bad guys had no choice but to say, if you don't pay us the ransom, we're going to release this information and sell it to the public,” said cybersecurity expert Reginald Andre.
Florida law requires state government agencies to notify customers of a data breach within 30 days, though notification may be delayed if it would impede an investigation.
Andre said any delay would be detrimental to consumers.
“We need to at least send a big message to all residents and consumers saying this is happening and be careful,” Andre said. “That would go a long way.”
In response to the breach, the state is working with Kroll to provide free identity and credit monitoring services for 12 months.
If you have received a letter from the health department regarding a violation, log on to the Kroll.com website for more information about monitoring services.