Florida health data allegedly posted on dark web after state refuses to meet ransom demand

Confidential data from the Florida Department of Health was reportedly leaked on the dark web by a global ransomware group after the state failed to meet a July 5 deadline for payment.

On July 1, HackManac, a company that tracks cyberattacks, revealed in a post on Xthat the group, RansomHub, threatened to exfiltrate 100GB of data from the state health department unless the state paid an undisclosed sum of money by Friday.

In line with federal guidelines from the Cybersecurity and Infrastructure Security Agency that strongly advise against paying ransom demands, Florida did not pay.

According to Statescoop, after the deadline passed, RansomHub posted a link to the stolen data on its dark web account.

A profile prepared by threat intelligence firm SOC Radar provides some details about the ransomware group, including that they do not allow targeting nonprofits, that they are “only interested in money,” and that they claim that “new attacks are not allowed for targeted businesses that have already made payments.”

However, on April 8, RansomHub allegedly demanded money from Change Healthcare, one of the world’s largest healthcare payment processing companies, less than two months after its alleged affiliate, the BlackCat cyber gang – also known as ALPHV and Noberus – was allegedly paid $22 million after claiming to have 4TB of personally identifiable patient information.

Despite receiving payment, the BlackCat group did not return the stolen data and, after RansomHub’s demands were not met, they reportedly shared screenshots of the leaked data to the highest bidder on the dark web.

The Florida Department of Health did not immediately respond to a request for comment.