9 Investigates confirms stolen Florida patient data published to dark web

ORLANDO, Fla. — The international hacker group RansomHub released more than 40,000 files it claims it stole from the Florida Department of Health. It’s double what was originally reported last week when 9 Investigates confirmed the Florida Department of Health was hacked.

9 Investigates independently confirmed Tuesday that very personal medical information of Florida patients is now published on the dark web.

We worked with the anti-virus software company Emsisoft to access this site. As one can imagine from the name "dark web," it's dangerous. Many of the files could contain malware.

Emsisoft, using their secure system, showed us what information these hackers have now published.

On the hackers' site, you can see the more than 100 government agencies and businesses RansomHub claims to have hacked.

Next to some of the organizations’ names are countdowns to a deadline. The hackers say this is when they’ll publish the stolen data.

On the site, RansomHub claims to have stolen 100 gigabytes from the Florida Department of Health and published that data.

We found the files on the dark web.

“There is everything from patient data to fire extinguisher maintenance records,” said Luke Connolly, a threat analyst with Emsisoft.

Many of the files are labeled with patients' names. The records include doctors' notes, vaccination records, and test results, including for COVID-19, salmonella, and sexually transmitted diseases and infections such as HIV, syphilis, and hepatitis.

We also found passports and birth certificates.

Also scattered in the files are miscellaneous records like health fair flyers, expense reports, and even an intern checklist.

RansomHub published the files after the Florida Department of Health did not pay whatever the ransom was.

The department has a policy not to pay ransoms. Connolly says that’s the best policy.

“If you pay the ransom, you’re entering into a contract with a criminal group. If you pay, they say they won’t do anything. They say that they’ll delete the data, but that’s not really verifiable,” Connolly said.

Jon Taylor works for Orlando-based cybersecurity firm Fortress Information Security. Their clients include government agencies, critical infrastructure, and the military. Taylor has seen the attacks against healthcare grow.

He notes that even the FBI ranked healthcare and public health the most targeted for cyber-attacks in 2023.

But he says the industry isn’t responding fast enough with security.

This is despite the fact that these records are among the highest-priced items on the dark web.

“All of the information that you use to make all of your other account questions—your first address, your parent’s last name, all that kind of stuff is all included in a complete health record. So that makes it very easy for them to go after other accounts and bypass some of the account security that we have out there. So it’s always a target. It’s data-rich,” Taylor said.

Using this data, cybercriminals can access existing bank accounts and even open new credit cards.

There are still many unknowns about this attack. We don’t know if the hacker group released all the data it stole.

The Florida Department of Health says it is still trying to understand the scope and extent of this attack.

Anyone who was affected will be notified once the agency completes what the Department calls a “comprehensive assessment.”

The cybersecurity experts we spoke to say it could take weeks, months or even years before the agency fully understands how this attack happened and what all the hackers stole.

A DOH spokesman provided 9 Investigates with the following statement:

“The Florida Department of Health (Department) is working diligently with law enforcement and all relevant stakeholders in responding to one of multiple attacks perpetrated by criminal hacking organizations against several states in a nationwide and worldwide trend of cybersecurity attacks targeting health care organizations. The majority of Department systems and services remain operational with no disruptions. In an effort to protect the private data of Floridians, certain systems were proactively brought offline to strengthen security measures and bolster monitoring. The Department remains engaged in protecting data as the scope and extent of this attack is fully understood.

Any affected parties will be notified as a comprehensive assessment of the situation is completed. We encourage all FDOH healthcare providers to stay attentive to alerts from the Department and follow those best practices disseminated to secure data.

This incident has also been referred to FDLE for investigation, and criminal activity will be prosecuted to the fullest extent of the law.”
