Ransomware gang RansomHub has released up to 100 gigabytes of files stolen from the Florida Department of Health after the department declined to pay a ransom payment following a ransomware attack last week.

The ransomware attack, described by Governor Ron DeSantis as a “cyber incident,” struck the department on July 2 and caused disruptions to vital services, including the recording of births, deaths, divorces, marriages and apostilles. According to local media, the attack particularly disrupted service at funeral homes, with providers forced to revert to manually completing death certificates by hand.

RansomHub reportedly gave the health department only until last Friday to pay a ransom before starting to publish the stolen data. Under Florida law, government entities cannot pay ransom payments, so the deadline was missed and data was published.

While the amount of data said to have been stolen accounted for 100 gigabytes, it’s not confirmed that this is the amount of data actually published by Ransomhub. What has been confirmed, at least by Databreaches.net, is that the data shared included large sums of personally identifiable information and protected health information.

The published stolen data includes logs of chest X-ray scheduling for 2023 and the first half of 2024, with thousands of entries containing names, dates of birth, appointment details and result dates. Workers’ compensation records provided extensive details on employees’ accidents, injuries, treatment history and personal demographics.

Additional documents included scanned passport images, prescriptions for named patients and completed applications for Florida’s Healthy Start Program with parents’ demographic details. Other records included mammography screening results, family planning forms, dental service referrals and personal correspondence, all of which are said to contain various personal and medical information.

“Breaches such as this one by RansomHub… is another persistent reminder of the vulnerability within the public sector,” Carol Volk, an executive at ransomware protection company Bullwall A/S, told SiliconANGLE. “The disruption of the Vital Statistics system, crucial for issuing birth and death certificates, highlights not only the operational impact but also the personal ramifications for residents.”

The incident underscores the urgency for improved cybersecurity measures, Volk added. “Knowing that this trend will continue, we need to be adding measures such as multi-factor authentication, encryption and ransomware containment to ensure we have protective layers against data access and exfiltration once the attackers are in-system,” she said.

Image: SiliconANGLE/GPT-4o