Florida Cyber Attacks

Infrastructure Affected

Public Safety
Government
Medical
Education
 
Back to Archive
Florida.jpg
 

Public Safety

Threat Actors claim to have attacked City of Dade City, Florida, Pasco County,FL

Breach Type – Hacking, Data Breach

Data Breaches

  • “Avaddon threat actors claim to have attacked the City of Dade City, Florida.”
  • “The attackers also threaten to start dumping data in 4+ days if the city does not cooperate.”
  • “A Google search confirmed that at least one of the officers’ names in the list had been a Dade County Police officer at the time of the filestamp.”
  • “Dec. 22 update: The City of Dade sent this site a copy of their statement of December 8. Other than acknowledging that there was an attack and impact, it doesn’t really add anything new to what we know so far.”
  • “July 23, 2021 update: On July 21…934 people were being notified of this incident.”
Read More
ABC News

  • “The police department in Dade City, a small town in Florida, currently has many of its files posted on the dark web by the ransomware gang Avaddon after the city decided not to pay the $450,000 worth of bitcoin that was demanded.”
  • “Leaked files show pictures of a dead body from a crime scene.”
Read More

 
Levy County Sheriff's Office, Levy County

Breach Type – Unknown, TDoS

My CBS 4

  • Phone services were rendered unusable as calls were continually incoming
  • The repetitive calling forced the Sheriff’s Office to unplug phone lines
  • These repeating attacks have prompted a need for upgrading the systems
Read More

 
Monroe County Sheriff’s Office and Key West City Hall Monroe County

Breach Type – Unknown, Malware

Miami Herald

  • Servers were shut down for a week following a computer virus
  • Employees have to use pen and paper to continue normal operations
  • Online records and resources were rendered offline until repairs to servers are made
Read More

 
Levy County Sheriff's Office, Levy County

Breach Type – Unknown, DoS/TDoS

WCJB ABC 20

  • Sheriff's office was victim of cyberattack, phone lines taken out
  • Bad actors utilized complicated denial of service attack
  • Emergency phone lines remained operational, officials suggested alternative contact methods
Read More

 
Levy County Sheriff's Office, Levy County

Breach Type – Unknown, TDoS

WJCP

  • The cyber attack caused systems to shut down and forced deputies to work over cell phones
  • One the system was back up bad actors still held control over the system and demanded ransom
  • All non emergency lines remain down and exceptions were placed for contacting the Sheriff's office
Read More

 
North Miami Beach Police Department, Miami-Dade County

Breach Type - Unknown, Ransomware

Miami Herald

  • Emergency services remained unaffected despite cyberattack
  • Ransomware confirmed as method used by bad actors
  • Officials remained unsure as to bad actor's identities
Read More

 
St. Lucie County Sheriff's Office, St. Lucie County

Breach Type – Unknown, Ransomware

CBS 12

  • Federal law enforcement assisted Sheriff's Office with ransomware attack
  • Sheriff's Office network was mostly disconnected due to severity
  • Emails, arrest reports, criminal background checks among lost systems
Read More

 
Riviera Beach Police Department & City of Riviera Beach, Palm Beach County

Breach Type - Phishing, Ransomware

WPDF

  • Florida city's email and computer systems were disabled in a cyber attack, local PD required to take nearly 300 reports by hand, daily
  • Infiltration came from email phishing that employee opened, city officials sought to approve finances to get critical systems restored
  • Riviera Beach Police Chief warned that with systems down, PD was unable to verify criminal history checks, among others
Read More
Star Tribune

  • City agreed to pay hackers $600,000 in an attempt to save locked up data
  • City Council voted unanimously to move forward with payment after determining they had no other option to retrieve lost records
  • 9-1-1 dispatch personnel were unable to enter calls into the computer system and found manual work arounds to prevent delay in response time
Read More
Palm Beach Post

  • The city council had authorized the purchase of new systems for over $700,000
  • The systems are still not in place after hackers infiltrated the systems
  • Ransom was paid to bad actors totaling nearly $600,000 causing most functions to return but not all
Read More

 
City of Stuart, Martin County

Breach Type - Unknown, Ransomware

TC Palm

  • A computer virus has shut down city servers blocking public contacts
  • 911 systems were left unaffected as the virus was isolated and systems are being restored
  • The servers will be reactivated before the emails will be restored as there are now planned upgrades to the systems
Read More
TC Palm

  • A Trikbot had been used that can lead to larger damage in the long run along with a Ryuk virus
  • No negotiations were made and the servers are being inspected to find how the virus initially entered the systems
  • Even the ransomware message was not entertained as officials refuse to state what the message said
Read More
WPTV

  • The ransomware targeted the city causing communications with police, commissioners, and other staff to be interrupted
  • Police also were forced to handwrite reports and documents, not affecting public safety
Read More

 
Leon County Sheriff's Office

Breach Type - Virus

abc 27 WTXL

  • Sheriff's Office & State Attorney's Office impacted by computer virus
  • Virus prohibits victim from sending documents
  • Leon County Clerk of Courts experienced similar issues
Read More
Tallahassee Democrat

  • Aggressive worm virus causes abnormal computer behavior throughout Leon county
  • Forced employees of the county to rely on notepads for work
  • No information lost or compromised in the process
  • Leon County never fully down – slower process for daily tasks
Read More

 
Flagler Sheriff's Office

Breach Type - Hack

Flagler Live

  • Sheriff's website hacked to show clickbait and vulgar content
  • Confusion between IT department and Google made it difficult to identify the problem
  • Weakness in firewalls left website vulnerable to malicious malware
Read More

 
Town of Palm Beach 911 Services

Breach Type - Ransomware

CBS 12

  • Computer systems targeted twice in two weeks
  • Dispatchers used notepads to record calls
  • Restored systems without paying ransom
Read More

 
BACK TO TOP

Local Government

South Florida City Grapples with Ransomware Attack , Broward County

Breach Type – Unknown, Ransomware

GovTech.com

  • “The city of Pembroke Pines has fallen victim to cyber criminals, becoming the latest in South Florida to be targeted in a rising wave of ransomware attacks.”
  • “The ransomware attack happened about Jan. 13, according to city spokeswoman Marianne Wohlert. The city so far won’t say which services were affected, but acknowledged the ransomware has “impacted our ability to access certain city computer systems.”
  • ”City officials said the crime was reported to the FBI and U.S. Secret Service, which handles cyber crime. Pembroke Pines notified city commissioners about the cyber attack this week, indicating the city’s computers were only “down for a short period of time,” some commissioners said.”/li>
  • "Whether anyone’s personal data was breached is unclear. “Should our investigation determine that personal information was affected by this incident, we will provide notice to individuals as required,” Wohlert said.”
Read More

 
'Freeze your credit report': Cybersecurity experts advises after DEO security data breach, State of Florida

Breach Type – Unknown, Data Breach

ABC Action News

  • “On July 16, 2021, the Department learned of a data security incident involving potentially fraudulent activity connected to claimant accounts within the Reemployment Assistance Claims and Benefits Information System, commonly known as CONNECT.”
  • “The Department discovered that malicious actors were targeting claimant accounts via the CONNECT public claimant portal. A total of 57,920 claimant accounts were targeted. These targeted accounts may have been accessed by an unauthorized party. This activity may have occurred between April 27, 2021, and July 16, 2021.”
  • “In response, the Department has: Locked accounts targeted by this activity; Improved PIN security controls; Enhanced network security controls; Notified impacted claimants; Notified the Department of Legal Affairs, Department of Management Services, including the Division of State Technology, and the Florida Department of Law Enforcement; Reported impacted accounts to the three U.S. credit reporting agencies; and Purchased a year’s subscription of identity protection services for affected claimants.”
Read More

 
20th Judicial District Public Defender’s Office servers, Lee County

Breach Type – Unknown, Malware

Fox 4

  • Public Defender's office website taken down after malware attack
  • Still unclear at this point what malware variant the Defender's Office is dealing with
  • Phone lines are functional and the city's cyber security team is working to restore the website
Read More

 
City of Oldsmar Water Treatment Systems, Pinellas County

Breach Type – Hacking, Other

WTSP

  • Bad actors were able to gain access to the water treatment plant and attempted to poison water supply
  • The remote access gained allowed hackers to bump the sodium hydroxide in the water to dangerous levels
  • Operators noticed the remote access and at first didn't notice the modifications hackers were making but were able to restore levels to normal
Read More

 
Florida Healthy Kids Corp., Leon County

Breach Type – Unknown, Data Breach

Becker's Hospital Review

  • Members were being notified of a 7-year data breach that exposed the information of hundred of thousands of applicants
  • They were notified on Dec. 9th of potential breach which exposed the websites massive vulnerabilities
  • There has been no confirmation on the extent or manner in which the information was possibly used
Read More

 
Indian River County Systems, Indian River County

Breach Type – Unknown, Data Breach

TCPalm

  • Cyberattack left county government without access to online payments and emails
  • Officials reassured the public that phone lines remained intact
  • Personal data and payment information also remained secure
Read More

 
Martin County website, Martin County

Breach Type – Hacking, Data Breach

TC Palm

  • Bad actors gained access to three year old data; no request for money was made
  • The information was stated to be low level and does not contain any vital information, however no public release has been made about what the data specifically entailed
  • It is believed that the hack was not locally based
Read More

 
Polk County Tax Collector's Office, Polk County

Breach Type – Phishing, Malware

News Chief

  • County tax collector's office systems were taken out in cyberattack
  • Bad actors utilized email phishing to trick county employees
  • Computers, telephones, online processing, and service center operations were taken out
Read More
10 Tampa Bay

  • Driver's license information possibly leaked following cyberattack
  • IT personnel managed to mitigate the attack by disabling systems
  • Officials stated a lack of evidence showing the information was actually accessed
Read More
The Ledger

  • Roughly 4,500 citizens were sent letters following cyberattack
  • Officials stated they provided the warning out of an abundance of caution
  • Residents with additional questions were directed to contact an assistance telephone line
Read More

 
City of Palm Bay Utilities Dept and Building Division, Brevard County

Breach Type – Hacking, Malware

The City of Palm Bay Florida

  • City government utility system was hacked
  • IT personnel deactivated affected server
  • Server was sent to digital forensics firm
Read More

 
Town of Jupiter, Palm Beach County

Breach Type – Unknown, Malware

WFLX

  • Malware cyberattack used in hit against Florida town
  • Email and other online services were taken out
  • Officials forced to resort to traditional methods until repaired
Read More
MSSP Alert

  • Town network, including email and online payment system, was victim of cyberattack
  • Bad actors encrypted and locked numerous files which caused parts of the network to shut down
  • Officials were forced to revert to computer backups while IT personnel restored services
Read More
Palm Beach Post

  • Three weeks following a ransomware attack most services remain inoperable
  • Services that have been restored are email, utility billing and online payment, services for records requests and recreation programming
  • The ransomware attack originated from a Russian linked computer bug named REvil/Sodinokibi
Read More

 
City of Marathon, Monroe County

Breach Type – Unknown, Malware

Shelby Star

  • Communications system hit in cyberattack
  • Email, internet, and more were affected
  • Officials continued to work on restoring systems
Read More

 
Port St. Lucie Parks & Recreation Department, St. Lucie County

Breach Type – Unknown, Malware

TCPalm

  • Minimal information exposed following cyberattack using malware
  • Officials believed personal and financial information wasn't accessed
  • Online services remained available despite hit
Read More

 
Volusia County Library Systems, Volusia County

Breach Type – Unknown, Malware

News Journal Online

  • Officials refused to disclose specifics of outage
  • Malware likely caused outage at public library
  • Officials only confirmed the outage occurred, and it was an IT issue
Read More

 
Pensacola City

Breach Type – Unknown, Ransomware

PNJ

  • City communications hit in ransomware cyberattack
  • Officials remained uncertain about personal information breach
  • Online payment systems affected, 911 services remained unaffected
Read More

 
City of Ocala, Marion County

Breach Type – Phishing, Other

Spectrum News 13

  • Phishing cyberattack used against Florida city
  • Officials tricked into thinking email from bad actor was legitimate
  • City officials confirmed they had paid the faux contractor
Read More

 
City of Port Orange, Volusia County

Breach Type – Hacking, Data Breach

Spectrum News 13

  • City payment services downed in cyberattack
  • Officials refunded late charges related to downed services
  • System was suspended deliberately to mitigate damage
Read More

 
Dunnellon City Hall, Marion County

Breach Type – Phishing, Malware

Ocala Star Banner

  • City in Florida was victim of phishing malware cyberattack
  • Virus was able to send city staff emails that included infected attachments
  • Officials believed only two computers had been infected
Read More

 
Lee County Government Systems, Lee County

Breach Type – Unknown, Malware

WinkNews

  • County manager confirmed cyberattack in Lee County, advised it was under investigation
  • County IT disabled access to county website as direct response to cyberattack
  • Officials forced to utilize cellular communication while networks were down
Read More

 
City of Deerfield Beach, Palm Beach County

Breach Type – Hacking, Data Breach

Gemini Advisory

  • Hackers exploited vulnerability in Superion’s Click2Gov Utility Bill Pay Systems affecting government entities across the U.S.
  • Over 20,000 records from eight cities in five different states have been offered for sale on the dark web
  • City of Deerfield Beach one of the eight cities impacted
Read More

 
City of Palm Bay, Brevard County

Breach Type – Hacking, Data Breach

Gemini Advisory

  • Hackers exploited vulnerability in Superion’s Click2Gov Utility Bill Pay Systems affecting government entities across the U.S.
  • Over 20,000 records from eight cities in five different states have been offered for sale on the dark web
  • City of Palm Bay one of the eight cities impacted
Read More

 
City of Milton, Santa Rosa County

Breach Type – Hacking, Data Breach

Gemini Advisory

  • Hackers exploited vulnerability in Superion’s Click2Gov Utility Bill Pay Systems affecting government entities across the U.S.
  • Over 20,000 records from eight cities in five different states have been offered for sale on the dark web
  • City of Milton one of the eight cities impacted
Read More

 
City of Coral Springs, Broward County

Breach Type – Hacking, Data Breach

Gemini Advisory

  • Hackers exploited vulnerability in Superion’s Click2Gov Utility Bill Pay Systems affecting government entities across the U.S.
  • Over 20,000 records from eight cities in five different states have been offered for sale on the dark web
  • City of Coral Springs one of the eight cities impacted
Read More

 
City of Naples, Collier County

Breach Type – Phishing, Other

Fox4now

  • City of Naples victim of cyber scam, losing $700k during attack
  • Bad actors claimed funds would be used for construction project
  • City admitted it was victim of cyber attack, worked with law enforcement
Read More
Napelsnews

  • City officials advised that data breach did not occur
  • $700k loss was part of sophisticated cyber scam
  • Money was paid to fake bank account believed to be contractor
Read More

 
Village of Palm Springs, Palm Beach County

Breach Type - Phishing, Ransomware

WPTV

  • Village Manager confirms a cyber attack occurred about a year ago – Ransomware called Amnesia 3
  • Believed that phishing email compromised systems and allowed for injection of malware
  • Hackers split ransom into 3 keys and village paid for 2 out of 3 ~$1,200 worth of Bitcoin
  • Hired an IT Director and outside IT firm to prepare for any future attacks
Read More

 
City of Mexico Beach, Bay County

Breach Type - Unknown, Ransomware

WJHG

  • During early April the City of Mexico Beach experienced a ransomware attack locking users out of their systems
  • One officer had managed to stop another cyber attack, IT professionals are directing the county to decryption services
  • After the attack the city had decided to renew their security systems and add several layers of defense
Read More

 
Village of Key Biscayne, Miami-Dade County

Breach Type - Unknown, Ransomware

Miami CBS Local

  • Key Biscayne was one of many Florida cities to report a cyber attack on their networks
  • The security “event” was noticed and outside parties meant to aid in investigations were brought in
Read More
Ars Technica

  • Key Biscayne is among 3 other governments joining Lake City on the list of places affected by the Ryuk ransomware
  • All three cases have shown the origin of the virus to be from employee mistakes as employees open links/attachments in emails
  • One concern is that Key Biscayne is one of the smaller communities, yet it has been targeted as well as larger groups almost four times in size
Read More

 
Lake City, Columbia County

Breach Type - Unknown, Ransomware

WCJB

  • Lake City was targeted by a multi staged attack that combines several methods to target systems
  • Several systems have been compromised and no longer can be used including land lines
  • Emergency services are still operable and remain intact after all attacks
Read More
Cyware

  • Public safety networks were protected and isolated with several layers such as encryption nets
  • Bill payments are no longer electronic and require paper receipts and hand written bills
  • Resorting to hand written bills for both utility and water payments has been used to aid in services
Read More
Action News Jax

  • After several attempts to fix this situation Lake City has decided to try and pay $460,000 in ransom to regain systems
  • It has been discovered that an employee had corrupted the systems by opening an email that spread within the network
Read More

 
City of Gainesville Architect, Alachua County

Breach Type - Phishing, Malware

News4 Jax

  • An employee had noticed several red flags following an email received
  • Details were amiss such as training dates not being expired and the email seemingly coming from a city architect
  • Once the correct contacts were made it was discovered that this was a large scale virus even going to the president of the US
Read More

 
Tallahassee City Manager’s Email, Leon County

Breach Type - Phishing, Malware

Tallahassee

  • The city manager’s email was taken over and used to send out a Dropbox link
  • Within the link was a virus meant to compromise systems
  • This email that had originated externally does not have seemed to cause any everlasting effects
Read More

 
City of Tallahassee Payroll System, Leon County

Breach Type - Hacking, Other

Tallahassee

  • 200 employees weren’t able to receive their paychecks following a hack into city payroll systems
  • Direct deposits were denied as the attack internally caused damage
  • IT is looking into if the attack was truly contained and attempt to reinforce their systems
Read More

 
Florida Keys Community College, Monroe County

Phishing, Data Breach

PR Newswire

  • The college is taking action after being exposed to an email campaign compromising several email accounts
  • Accounts that were exposed were looked into to determine what information was accessed
  • After investigation it was determined that sensitive personal information including social security was exposed
Read More

 
City of Pompano Beach, Broward County

Hacking, Data Breach

Sun Sentinel

  • Hackers accessed database of thousands of customer payment methods
  • Over 3,500 people were exposed after credit card company noted fraudulent charges
  • Tech department is consistently working to fix and patch issues as they arise
Read More

 
Town of Jupiter, Palm Beach County

Breach Type - Ransomware

CBS 12

  • Computer systems were down during malware attack
  • Source of malware reportedly encrypted data, demanding money for return of the files
  • Town of Jupiter did not pay ransom
  • Files restored & affected systems brought back online
Read More

 
City of Green Cove Springs, Clay County

Breach Type - Phishing, Malware

Clay Today Online

  • Phishing emails infiltrated several Clay county computers
  • Green Cove Springs employees opened malicious email attachments containing virus
  • Clicking the link allowed the virus to spread more
Read More

 
Florida Department of Health (Children’s Medical Services)

Breach Type - Phishing, Data Breach

PNJ

  • Data breach potentially compromised information of patients in 4 Florida counties
  • Department of Health employee’s email account compromised by hackers
  • Affected employee’s login credentials reset to terminate any inappropriate access
Read More

 
City of Lake Worth, Palm Beach County

Breach Type - Other, Data Breach

WPTV

  • City customers who payed online utility bills affected in data breach
  • Lake Worth advised those affected to monitor credit card bills for fraudulent charges
  • City vendor has taken steps to further neutralize the breach
Read More

 
City of St. Petersburg, Pinellas County

Breach Type - Other, Data Breach

St. Petersburg

  • Click2Gov informed city of malicious software found on server
  • Payment site immediately shut down to prevent access
  • Click2Gov pages used to accept credit card information had been breached
Read More

 
Reedy Creek Improvement District, Orange Co. & Osceola Co.

Breach Type - Phishing/Other

Orlando Sentinel

  • Disney's government fell victim to email hacking scheme
  • Employee sent approximately $722,000 to faulty vendor
  • Orange County Sheriff reports that only $94,000 left unrecovered
Read More

 
City of Lake Worth, Palm Beach County

Breach Type - Other, Data Breach

My Palm Beach Post

  • Click2Gov vulnerability affected utility customers of City of Lake Worth
  • Data breach hit customers throughout the 2017 year
  • One of longer Click2Gov breaches discovered of many cities hit
Read More

 
The Village of Wellington, Palm Beach Co.

Breach Type - Other/Vulnerability/Cryptojack

WPTV

  • Unauthorized charges on citizens' credit cards lead to discovery of exploited vulnerabilities in Wellington's utility bill pay system
  • Similar vulnerability found in system used by Oxnard, California
  • Village of Wellington notifies potentially compromised residents
Read More
GovTech

  • Hackers originally exploited vulnerability to crypto-mine Bitcoin cryptocurrency
  • Hackers expanded to include sophisticated skimmers to capture credit card numbers
Read More

 
City of Lake Worth Automatic Alert System, Palm Beach County

Breach Type - Phishing, Other

Gizmodo

  • Hackers infiltrated Lake Worth Automatic Alert system & changed alert messages
  • The culprits were responsible for reoccurring attacks since August 2017
  • Alerts went out to citizens were mainly pranks tainted with “zombie” related messages
Read More
My Palm Beach Post

  • FBI and FCC attracted by zombie-hoax hack
  • Hackers gained access to notification alert system via email phishing
  • Lake Worth City email compromised & re-wrote message
Read More

 
Okaloosa County Water & Sewer Department, Okaloosa County

Breach Type - Other, Data Breach

Okaloosa County

  • Several banks alerted the County to unauthorized charges on cards used to pay county water bills
  • Online payment system breached
  • System disabled until further secured
Read More

 
Lee County Tax Collector Email

Breach Type - Hack

Wink News

  • Tax collector's device compromised
  • Account was disabled
  • Spam emails sent out via tax collector's account
  • Office of Lee County has warned others about incident
Read More

 
Florida's Agency for Health Care Administration

Breach Type - Phishing

AP News

  • Employee fell victim to malicious phishing email
  • Hackers potentially accessed private files of over 30,000 Medicaid Recipients
  • Administration has no reason to believe that information is being misused
  • Re-training employees on proper security protocol
Read More

 
City of Ormond Beach, Volusia

Breach Type - Other, Data Breach

Daytona Beach News-Journal

  • City’s online payment system potentially breached
  • Police launched investigation
  • 175 customers saw fraudulent activity on their payment cards
  • Superion web payment vendor notified of the issue
Read More

 
Leon County ISIS Propaganda

Breach Type - Hack

USA Today

  • No valuable data compromised during hack
  • Propaganda, of North Korean Leader and ISIS, displayed on webpage for a few minutes
  • Hack on Leon County may be a random attack
  • Hacked by “Moroccan Islamic Union-Mail” - group that often hacks government website
Read More

 
Hillsborough Co, Pasco Co, Citrus Co, Clay Co, Volusia Co

Breach Type - Phishing

Tampa Bay Times

  • Russian hackers aimed to break into computer systems before the 2016 Presidential Election
  • Five county officials reported they received malicious emails
  • No publicly disclosed evidence shows that the counties were breached
  • Unclear how many counties received malicious emails/were originally targeted
Read More

 
Florida Department of Agriculture and Consumer Services

Breach Type - Hack

WPTV

  • Hackers may have obtained info on 16,000+ concealed weapon owners
  • Data breach originated overseas
  • Of the affected weapon owners, 500 social security numbers were obtained
  • Active investigation into this case
  • Only those renewing permits online were affected
Read More

 
Marion County

Breach Type - Ransomware

Marion County Office

  • County’s IT department claims multiple ransomware attacks launched
  • Each incident, considered isolated attacks, have been handled accordingly
  • Staff to block email attachments
  • IT will simulate phishing attempt training to employees of the count
Read More

 
City of Sarasota

Breach Type - Ransomware

My Suncoast

  • Employee received email with ransomware
  • Data held hostage and systems offline
  • City refused to pay ransom, utilized IT department
  • Recovered most of the lost files
Read More

 
Palm Beach County Department of Health

Breach Type - Hack

Palm Beach Flordia Health

  • Unauthorized access & possible misuse of information caused by hackers
  • All personal/financial information for clients of Palm Beach Co. Health Dep. potentially affected
  • Clients notified and advised to monitor credit information
Read More

 
BACK TO TOP

Medical

PracticeMax Ransomware Attack Impacts 258k at FL Urgent Care Center, Hillsborough County

Breach Type – Unknown, Ransomware

SC Magazine

  • “Fast Track Urgent Care Center, which has a network of urgent care centers in Tampa Bay, Florida, began notifying 258,411 individuals of a 2021 ransomware attack that originated at its billing vendor, PracticeMax."
  • “As previously reported, PracticeMax discovered suspicious activity on May 1 and later determined that a ransomware attack had occurred between April 17 and May 5."
  • “In October, both Humana and Anthem notified some members that their protected health information (PHI) had been exposed following the attack."
Read More

 
Data Breach at Florida hospitalist group affects more than 19,000 patients, Seminole County

Breach Type –Unkknown, Data Breach

Becker Hospital Review

  • "Central Florida Inpatient Medicine is notifying patients of an email data breach after a cybersecurity incident that affected 19,625 people."
  • "From Aug. 21 to Sept. 17, 2021, an unauthorized party accessed an employee email account at the Lake Mary, Fla., hospitalist group, it said. It discovered the breach May 5."
  • "The account contained patients' personal and protected health information, including diagnoses and treatment records, and in a limited number of cases, Social Security numbers and financial account information, according to the company."
  • "The organization said the incident did not affect all of its clients and it has no evidence that any of the data has been misused."
Read More

 
Jackson County Hospital District notifying patients of data breach

Breach Type –Hacking, Data Breach

DataBreaches.net

  • “Jackson County Hospital District (“Jackson Hospital”) is providing notice of a recent incident that may impact the privacy of some personal and/or medical information. Jackson Hospital is unaware of any misuse of individual information and is providing this notice out of an abundance of caution.”
  • “The preliminary internal investigation revealed several systems were potentially subject to unauthorized access…. the investigation confirmed an unknown actor accessed Jackson Hospital’s systems and took certain, limited data from its systems.”
  • “The types of personal information that may have been accessible to the unauthorized actor include: name, address, date of birth, contact information, Social Security number, medical history, medical condition or treatment information, medical record number, diagnosis code, patient account number, Medicare/Medicaid number, financial account information, and username/password.”
Read More

 
Jackson Hospital fends off recent ransomware attack, Jackson County

Breach Type – Unknown, Ransomware

WCTV

  • “Jackson Hospital in Marianna fended off a ransomware attack earlier this month."
  • "IT personnel noticed a problem Sunday, January 9th. They said they couldn’t connect to the system doctors use to look up a patient’s medical history, and the hospital’s IT director realized it was infected with ransomware"
  • “We’re told the hospital was able to shut down their system before the virus spread throughout the entire hospital."
  • ”It has not been determined whether hackers had stolen any data."
Read More

 
Fla. Hospital Admits Patient, Employee Data Was Hacked, Broward County

Breach Type – Hacking, Data Breach

GovTech.com

  • “Broward Health hospital announced Saturday that it was hit by a data breach this fall that exposed personal and medical data of some of its patients and employees, but just how many were affected was not made public.”
  • “Broward Health said the breach occurred on Oct. 15, 2021, when “an intruder gained entry to the Broward Health network through the office of a third-party medical provider permitted to access the system to provide healthcare services.”
  • “The hospital said it also hired a cybersecurity firm to investigate and a data reviews specialist to examine the extent of the breach, and the latter determined “some patient and employee personal information may have been impacted.”
  • “Broward Health said it is offering those affected access to a free, two-year monitoring system.”
Read More

 
447,000 patients exposed after phishing attack on Florida practice, Orange County, FL

Breach Type – Phishing, Data Breach

Becker Hospital Review

  • "Orlando (Fla.) Family Physicians began notifying 447,426 patients that it was the victim of a phishing attack on its employee email accounts."
  • "On April 15, an unauthorized party accessed the email account of an employee by obtaining their user ID and password through a phishing email,"
  • "After the attack, the physician practice launched an investigation and found that three other employee email accounts had been breached. Within 24 hours, unauthorized access to each of the four email accounts was terminated, "
  • "the investigation determined that patient data in the email accounts may have been exposed. On July 9, the patients, prospective patients, employees and other people who had data in the email accounts were identified. Exposed data may include names, health insurance information, Social Security numbers, passport numbers and medical-related information."
Read More

 
Health Cyberattack Exposes PHI for 45k at Florida Heart Associates, Lee County

Breach Type – Unknown, Data Breach

Health Security

  • "Florida Heart Associates is notifying over 45,000 individuals about a health cyberattack that exposed their protected health information."
  • “It is possible that our patients’ Social Security number, member identification number, date of birth, and health insurance information may have been seen or accessed,” a Florida Heart Associates’ press release states."
  • “Our investigation revealed that malicious actors may have gained access to our network between May 9 and 19, 2021,” it states. “FHA security systems diminished the impact of the intrusion; however, an unknown actor still gained access to company servers and may have obtained information within.”
  • “There has been no “indication that patient information has been misused by an unauthorized individual.”
Read More

 
Physicians Dialysis Provides Notification of Data Security Incident

Breach Type – Hacking, Data Breach

The Atlanta Journal-Constitution

  • The cybersecurity experts engaged by Physicians Dialysis to investigate ultimately discovered evidence of unauthorized access to a Physicians Dialysis database.
  • Protected health information belonging to some current and former patients was contained in the affected database and potentially accessed.
  • This information included names, addresses, dates of birth, Social Security numbers, medical information, and/or health insurance or claims information.
  • Physicians Dialysis reported this matter to the FBI and will cooperate as necessary to hold the perpetrator accountable.
Read More

 
New COO Takes Over at The Villages Hospital as Ransomware Attack Freezes Computer

Breach Type – Unknown, Ransomware

Villages-News.com

  • A ransomware attack crippled computers at UF Health-The Villages Hospital.
  • Both hospitals have been forced to operate by pen and paper thanks to a ransomware attack which has shut down the computer system.
  • The attackers are reportedly demanding a $5 million ransom, although UF Health has not confirmed that number and remains tight lipped on the situation.
Read More

 
University of Miami Health, Miami-Dade County

Breach Type – Hacking, Data Breach

Becker's Hospital Review

  • Ransomware attack on vendor Accellion compromised patient data
  • Breach appears to be limited to specific Accellion server and does not extend to the rest of U Miami Health systems
  • Investigation is ongoing
Read More

 
AdventHealth Medical Group Surgical Specialist, Hillsborough County

Breach Type – Unknown, Data Breach

Becker's Hospital Review

  • Patient information compromised following cyberattack
  • Names, birth dates, addresses, etc among data
  • Healthcare provider will send letters explaining breach
Read More

 
Leon Medical Center, Miami Dade County

Breach Type – Unknown, Ransomware

Data Breaches

  • Medical center was victim of ransomware cyberattack
  • Bad actors threatened to post the records of 1 million patients
  • Information leaked would include Social Security numbers, addresses, health insurance numbers, and photographs of the patients among others
Read More

 
UF Health, Alachua County

Breach Type – Unknown, Data Breach

Mainstreet Daily News

  • The blackbaud breach had no sensitive information exposed
  • Many different systems were exposed in the Blackbaud breach
  • Exposure is forcing medical systems to notify patients and donors about breach
Read More

 
NCH Healthcare Systems, Collier County

Breach Type – Unknown, Data Breach

Naples Daily News

  • Healthcare provider was victim of cyberattack involving a data breach
  • Names, addresses, and other information was leaked in the attack
  • Officials reassured patients that medical information remained intact
Read More

 
Cano Health LLC, Miami-Dade County

Breach Type – Phishing, Data Breach

Cano Health

  • Bad actor's utilized phishing in elaborate cyberattack
  • Three employee accounts had been accessed without authorization
  • Names, dates of birth, Social Security numbers among leaked info
Read More
Becker's Hospital Review

  • Investigation into cyberattack discovered three accounts accessed
  • Numerous emails contained private personal information
  • Nearly 30,000 people were affected by the cyberattack
Read More

 
Florida Orthopedic Institute, Hillsborough County

Breach Type – Unknown, Ransomware

Data Breaches

  • The institute notified the Californian Attorney General of the ransomware attack not including if any ransom was paid or what the attack entails
  • In attempts to protect their patients monitoring services have been offered to prevent misuse of the information
  • Sensitive patient information was exposed including but not limited to; Patient names, date of birth, social securities, and medial information
Read More

 
Cano Health LLC, Miami-Dade County

Breach Type – Hacking, Data Breach

Cano Health

  • Three employee email accounts were used by bad actors to gain confidential information
  • Officials advised affected patients of the cyberattack, unsure of specific date
  • Dates of birth, names, Social Security information were all likely accessed
Read More

 
Advanced Urgent Care of the Florida Keys, Monroe County

Breach Type – Unknown, Ransomware

Data Breaches

  • Bad actor known as "thedarkoverlord" utilized ransomware
  • Healthcare center didn't cooperate with bad actor
  • Provider had yet to publicly disclose breach of 14,000 patients' information
Read More

 
The Center for Facial Restoration, Broward County

Breach Type – Unknown, Ransomware

Beckers Hospital Review

  • Bad actor threatened to release patient information
  • Numerous patients reported receiving ransom demands
  • FBI conducted investigation into incident
Read More

 
NCH Healthcare, Collier County

Breach Type – Phishing, Data Breach

Health IT Security

  • NCH is facing an attack on its payroll systems discovered almost a month prior
  • It had been discovered that several employees had fallen victim because of the phishing scam
  • The employee data may have been potentially exposed, investigations continue in an effort to determine the extent of damage
Read More

 
Clearway Pain Solutions Institute, Escambia County

Breach Type - Hacking, Data Breach

Data Breaches

  • A third party had accessed the institute’s EMR system leading patients to be notified
  • Following the attack all users have been analyzed with validations to access levels
  • To help prevent any fraud due to patient exposure, people have been offered a membership to protect individuals
Read More

 
AdventHealth Medical Group Pulmonary & Sleep Medicine, Lake County

Breach Type - Hacking, Data Breach

Click Orlando

  • Sensitive patient information may have been exposed
  • A third party had hacked into the system and compromised security
  • Sensitive information regarding social security and more may have been compromised
Read More

 
FABEN Obstetrics and Gynecology, Duval County

Breach Type – Ransomware

Data Breaches

  • The medical clinic was infected with ransomware
  • It was detected quickly but it has not been disclosed how it happened
  • Infected files were deleted even though there were no backups of some files
Read More

 
Family Physicians Group, Orange County

Breach Type - Phishing, Data Breach

Orlando Sentinel

  • Family Physicians Group affected by hacking incident
  • Phishing attack on employee’s email account compromised personal health information
  • 8,400 patients notified of data breach
Read More

 
Cancer Treatment Centers of America, Palm Beach County

Breach Type - Phishing, Data Breach

WFLA

  • Cyber criminals targeted CTCA employees via phishing scheme
  • Personal information of 41,948 patients of Cancer Treatment Centers of America potentially compromised in data breach
  • Medical information and cancer types exposed in breach
Read More

 
Health First, Inc., Brevard County

Breach Type - Phishing, Data Breach

Data Breaches

  • Health First, Inc. notified HHS of a breach that affected 42,000 patients
  • Health First employees fell victim to phishing scam which compromised customer information
  • Though cyber criminals did not appear interested in obtaining personal data – a limited number of emails viewed contained protected health information
Read More

 
Health Management Concepts, Inc., Palm Beach County

Breach Type - Ransomware

Office of Attorney General

  • HMC server compromised with malicious ransomware
  • Ransom paid in attempt to decrypt data
  • Confidential patient data inadvertently provided to hackers
Read More

 
Florida Agency for Persons with Disabilities, Leon Co.

Breach Type - Phishing/Data Breach

APD Cares

  • Malicious phishing email compromised systems of Florida Agency for Persons with Disabilities
  • 1,951 APD patients potentially affected in data breach
  • APD upgraded security systems to further prevent unauthorized access to private information
Read More

 
Florida Hospital Websites

Breach Type - Hack

Orlando Sentinel

  • Malware compromises 3 Florida Hospital websites: FloridaBariatric, FHOrthoInstitute, and FHExecutiveHealth
  • Websites taken offline to repair malicious software
  • Some sensitive patient data potentially at risk
Read More

 
Guardian Pharmacy of Jacksonville, LLC.

Breach Type - Hack

DataBreaches

  • Hacker manipulated an employee email account
  • Obtained unauthorized access to limited patient information
  • A small group of individuals' financial records potentially accessed
Read More

 
St. Mark's Surgical Center

Breach Type - Ransomware

Health Data Management

  • 33,887 individuals potentially affected
  • No indication of improper use of patient's personal data
  • St. Mark's has taken multiple steps to protect data in the future
  • Offering potentially affected individuals identity protection and free credit monitoring
Read More

 
Greenway Health

Breach Type - Ransomware

DataBreaches

  • Greenway Health working with law enforcement & FBI
  • No patient data has been exfiltrated or otherwise misused
  • Incident isolated to Tampa location
Read More
DataBreaches: Updates

  • 400 of Greenway Health client EHR services affected
  • At least half of the systems have been restored
Read More

 
BACK TO TOP

Education

BlackCat ransomware group claims attack on Florida International University, Miami-Dade County

Breach Type –Unknown, Ransomware

The Record

  • “The BlackCat (ALPHV) ransomware group says it has struck again, with Florida International University as their latest victim.”
  • “Today, a ransomware group posted that sensitive FIU data had been exfiltrated. We have been investigating and there is no indication thus far that sensitive information has been compromised. At this time, no further information is available,” the university said.”
  • “A spokesperson for the university did not respond to follow-up questions about the group’s claims. Cybersecurity experts who looked at the allegedly stolen data confirmed that it did include sensitive information from staff and students at the university.”
Read More

 
Broward County Public Schools, Broward County

Breach Type – Hacking, Ransomware

Miami Herald

  • Threat actors demanded $40 million for the release of school district data
  • Compromised information includes students' and employees' SSNs, addresses, and dates of birth
  • The district has reported no intention of paying the ransom
Read More
Click Orlando

  • Threat actors from Conti group published nearly 26,ooo stolen files after their demands were not met
  • Compromised information includes employee mileage reports, employee travel reimbursement forms, invoices for spring water, invoices for school construction work, payments to Broward Sheriff’s Office or local police departments, utility bills, and employee phone lists
  • Threat actors claim to have more information than what was published
Read More

 
Alachua County School District, Alachua County

Breach Type – Unknown, Data Breach

Data Breaches

  • Vendor PCS Revenue Control System experienced data breach
  • The school district confirmed the legitimacy of a letter sent to families on Monday, March 29th
  • The vendor last worked with Alachua County School District in 2016
Read More

 
Polk County School District, Polk County

Breach Type – Unknown, Data Breach

WTSP

  • Data breach occured in December 2019
  • Students' names, ID numbers, and dates of birth were potentially exposed
  • Impacted families have been offered free identity monitoring
Read More

 
Leon County Schools, Leon County

Breach Type – Hacking, Other

WTXL

  • On the school's homepage negative messages were posted in a large orange banner for many to see
  • The post was removed from the website as soon as possible
  • There has been no indication that servers are at a larger risk and no other issues have been reported
Read More

 
Gulf Coast State College, Bay County

Breach Type – Phishing, Data Breach

WJHG

  • Students and employees received a letter stating that a hacker was able to gain access through an email scam
  • Letter stated that sensitive information was contained in emails that was exposed to bad actors
  • Upon discovering the attack IT was immediately contacted and outside forensic teams are being used to help restore normalcy to servers
Read More

 
Sumter County Public Schools, Sumter County

Breach Type – Phishing, Other

Orlando Weekly

  • Bad actors scammed school out of $206,000
  • School employee entered banking information on bogus website
  • Federal authorities apprehended the suspects
Read More

 
Wakulla County School District, Wakulla County

Breach Type – Hacking, Ransomware

WCTV

  • County School District hit with ransomware cyberattack that took down network
  • Insurance carrier paid ransom in bitcoin to attackers
  • Transportation, food service, and library program had all been affected
Read More

 
University of Florida (Student Government Websites), Alachua County

Breach Type – Hacking, Other: Website Defacement

WCJB

  • There were various websites hacked associated with the university's website
  • Data on the websites was replaced with obscenities and political messages prompting the sites to be restored the same day
Read More

 
Monroe County School District, Monroe County

Breach Type - Ransomware

Miami Herald

  • Monroe County School District fell victim to ransomware variant known as GandCrab
  • Ransomware encrypted data twice before Monroe fully recovered
  • There was no threat to student data
Read More

 
Florida Virtual School

Breach Type - Hack

Miami Herald

  • More than 350,000 potentially affected associates of Florida Virtual School
  • More than 1,800 Leon County school teachers had had private financial info exposed in attack
  • Florida Virtual School discovered hack 2 years later, offering free identity protection services
Read More

 
Walton School District

Breach Type - Phishing

WJHG

  • Walton School District employees fall victim to spear-phishing scheme
  • District implementing additional safeguard to ensure potentially affected individuals are protected
  • District notified employees, IRS, and local authorities
  • Thirty people potentially impacted by breach
Read More

 
Manatee County School District

Breach Type - Phishing

Bradenton Herald

  • Employees of school district fall victim to spear-phishing scheme
  • Sent W-2 forms of all district employees to hackers
  • District's cyber insurance may help pay for costs of attack
Read More
 
BACK TO TOP