Florida Health Dept Suffers RansomHub Cyberattack

Incident Date:

July 2, 2024

Overview

Victim

Florida Department of Health

Attacker

RansomHub

Location

Tallahassee, USA

Florida, USA

First Reported

July 2, 2024

Ransomware Attack on Florida Department of Health by RansomHub

Overview of the Florida Department of Health

The Florida Department of Health (DOH) is a significant entity within the state government, tasked with the responsibility of protecting, promoting, and improving the health of all Floridians. Established by the Florida Legislature in 1996, the DOH operates through a network that includes a state health office, 67 county health departments, and various regional offices and public health laboratories. The agency is headquartered in Tallahassee and is led by the State Surgeon General. The DOH stands out in its comprehensive approach to public health, which includes disease prevention, environmental health, family health programs, and emergency preparedness.

Details of the Ransomware Attack

The Florida Department of Health fell victim to a ransomware attack orchestrated by the group known as RansomHub. The attackers claimed to have seized 100 gigabytes of sensitive data, threatening to release it unless a ransom was paid by a specified deadline. Following the state's policy against paying ransoms, the deadline elapsed without payment, leading to the publication of the stolen data. This breach notably disrupted the department's Vital Statistics system, impacting the issuance of essential documents like birth and death certificates. Recovery efforts are ongoing, with some functionalities restored as the department collaborates with law enforcement and other stakeholders.

Profile of RansomHub

RansomHub is a relatively new player in the cyber threat landscape, emerging as a notable ransomware group with suspected roots in Russia. Operating under a Ransomware-as-a-Service (RaaS) model, RansomHub allows affiliates to retain 90% of ransom payments, with the remainder going to the core group. The group's ransomware is developed using Golang, aligning with a growing trend among cybercriminals. RansomHub has targeted a variety of entities across different sectors and countries, demonstrating a broad and unpredictable attack pattern.

Potential Vulnerabilities and Entry Points

The Florida Department of Health, like many large government entities, manages vast amounts of sensitive data, making it an attractive target for ransomware attacks. The specific entry point used by RansomHub in this incident has not been disclosed, but common vectors include phishing attacks, exploitation of unpatched systems, or compromised credentials. The complexity and scale of the DOH's IT infrastructure might also present challenges in securing all endpoints effectively.
