Public Safety

Jacksonville Sheriff's Office Systems Knocked Out for Part of Sunday, Limiting Officers' Ability to Arrest, Duval County

Breach Type – Unknown, Malware

The Tributary
August 7th, 2022

“Some of the Jacksonville Sheriff’s Office’s internal systems shut down Sunday, affecting police officers’ ability to file arrest reports, due to “suspicious activity”, the city reported."
“Neither the City of Jacksonville or the Jacksonville Sheriff’s Office are the subject of a ransomware attack... the City detected suspicious activity from an outside server".
”City officials said the crime was reported to the FBI and U.S. Secret Service, which handles cyber crime. Pembroke Pines notified city commissioners about the cyber attack this week, indicating the city’s computers were only “down for a short period of time,” some commissioners said./li>
"The situation is contained, and all systems are functioning properly. In an abundance of caution, the City and JSO have taken precautionary measures to limit access while cyber security teams finish a deep dive throughout the system.” Wohlert said.

Threat Actors claim to have attacked City of Dade City, Florida, Pasco County,FL

Breach Type – Hacking, Data Breach

Data Breaches
December 15th, 2020

“Avaddon threat actors claim to have attacked the City of Dade City, Florida.”
“The attackers also threaten to start dumping data in 4+ days if the city does not cooperate.”
“A Google search confirmed that at least one of the officers’ names in the list had been a Dade County Police officer at the time of the filestamp.”
“Dec. 22 update: The City of Dade sent this site a copy of their statement of December 8. Other than acknowledging that there was an attack and impact, it doesn’t really add anything new to what we know so far.”
“July 23, 2021 update: On July 21…934 people were being notified of this incident.”

ABC News
May 9th, 2021

“The police department in Dade City, a small town in Florida, currently has many of its files posted on the dark web by the ransomware gang Avaddon after the city decided not to pay the $450,000 worth of bitcoin that was demanded.”
“Leaked files show pictures of a dead body from a crime scene.”

Levy County Sheriff's Office, Levy County

Breach Type – Unknown, TDoS

My CBS 4
November 24th, 2020

Phone services were rendered unusable as calls were continually incoming
The repetitive calling forced the Sheriff’s Office to unplug phone lines
These repeating attacks have prompted a need for upgrading the systems

Monroe County Sheriff’s Office and Key West City Hall Monroe County

Breach Type – Unknown, Malware

Miami Herald
September 3rd, 2020

Servers were shut down for a week following a computer virus
Employees have to use pen and paper to continue normal operations
Online records and resources were rendered offline until repairs to servers are made

Levy County Sheriff's Office, Levy County

Breach Type – Unknown, DoS/TDoS

WCJB ABC 20
August 7th, 2020

Sheriff's office was victim of cyberattack, phone lines taken out
Bad actors utilized complicated denial of service attack
Emergency phone lines remained operational, officials suggested alternative contact methods

Levy County Sheriff's Office, Levy County

Breach Type – Unknown, TDoS

WJCP
July 17th, 2020

The cyber attack caused systems to shut down and forced deputies to work over cell phones
One the system was back up bad actors still held control over the system and demanded ransom
All non emergency lines remain down and exceptions were placed for contacting the Sheriff's office

North Miami Beach Police Department, Miami-Dade County

Breach Type - Unknown, Ransomware

Miami Herald
February 8th, 2020

Emergency services remained unaffected despite cyberattack
Ransomware confirmed as method used by bad actors
Officials remained unsure as to bad actor's identities

St. Lucie County Sheriff's Office, St. Lucie County

Breach Type – Unknown, Ransomware

CBS 12
December 17th, 2019

Federal law enforcement assisted Sheriff's Office with ransomware attack
Sheriff's Office network was mostly disconnected due to severity
Emails, arrest reports, criminal background checks among lost systems

Riviera Beach Police Department & City of Riviera Beach, Palm Beach County

Breach Type - Phishing, Ransomware

WPDF
June 4th, 2019

Florida city's email and computer systems were disabled in a cyber attack, local PD required to take nearly 300 reports by hand, daily
Infiltration came from email phishing that employee opened, city officials sought to approve finances to get critical systems restored
Riviera Beach Police Chief warned that with systems down, PD was unable to verify criminal history checks, among others

Star Tribune
June 19th, 2019

City agreed to pay hackers $600,000 in an attempt to save locked up data
City Council voted unanimously to move forward with payment after determining they had no other option to retrieve lost records
9-1-1 dispatch personnel were unable to enter calls into the computer system and found manual work arounds to prevent delay in response time

Palm Beach Post
July 5th, 2019

The city council had authorized the purchase of new systems for over $700,000
The systems are still not in place after hackers infiltrated the systems
Ransom was paid to bad actors totaling nearly $600,000 causing most functions to return but not all

City of Stuart, Martin County

Breach Type - Unknown, Ransomware

TC Palm
April 16th, 2019

A computer virus has shut down city servers blocking public contacts
911 systems were left unaffected as the virus was isolated and systems are being restored
The servers will be reactivated before the emails will be restored as there are now planned upgrades to the systems

TC Palm
April 17th, 2019

A Trikbot had been used that can lead to larger damage in the long run along with a Ryuk virus
No negotiations were made and the servers are being inspected to find how the virus initially entered the systems
Even the ransomware message was not entertained as officials refuse to state what the message said

WPTV
April 10th, 2019

The ransomware targeted the city causing communications with police, commissioners, and other staff to be interrupted
Police also were forced to handwrite reports and documents, not affecting public safety

Leon County Sheriff's Office

Breach Type - Virus

abc 27 WTXL
February 9th, 2018

Sheriff's Office & State Attorney's Office impacted by computer virus
Virus prohibits victim from sending documents
Leon County Clerk of Courts experienced similar issues

Tallahassee Democrat
February 13th, 2018

Aggressive worm virus causes abnormal computer behavior throughout Leon county
Forced employees of the county to rely on notepads for work
No information lost or compromised in the process
Leon County never fully down – slower process for daily tasks

Flagler Sheriff's Office

Breach Type - Hack

Flagler Live
April 15th, 2017

Sheriff's website hacked to show clickbait and vulgar content
Confusion between IT department and Google made it difficult to identify the problem
Weakness in firewalls left website vulnerable to malicious malware

Town of Palm Beach 911 Services

Breach Type - Ransomware

CBS 12
June 9th, 2016

Computer systems targeted twice in two weeks
Dispatchers used notepads to record calls
Restored systems without paying ransom

Local Government

Global Ransomware attack downs Florida Supreme Court and European Universities, Leon County

Breach Type – Unknown, Ransomware

Cybersecurity Insiders
February 7th, 2023

"A Global Ransomware campaign has reportedly targeted over 3800 organizations so far, including Florida Supreme Court and Universities operating in the United States and Central Europe. Analysis conducted by Ransomwhere; a digital platform that keeps a tab of all international cyber attacks says that the number of victims might increase as time unfolds. As the digital invasion seems to be the work of a threat group funded by Russia.”
"Although investigations revealed the attack is not much sophisticated, it is surprising security analysts across the globe because of the speed at which it is spreading.”
”The incident took place just after the revelation of Ransomware attacks on VMware ESXi Servers via a two-year-old exploit.”
”It is unclear on who exactly targeted the firm with the malware. However, confirmed sources state that the attack was of file encrypting malware variant and they did not bow down to the demands of hackers, as they had an efficient business continuity plan in place.”

A cybersecurity incident impacts the city of Dunedin, Pinellas County

Breach Type – Phishing, Malware

WUSF News
October 5th, 2022

“The city of Dunedin announced that officials discovered a cybersecurity incident impacting its network on Tuesday."
"According to a Wednesday news release, Dunedin's water and wastewater treatment facilities are secure and operational, and city phones are working.”
"However, city email, online payments for permits, inspection scheduling, utility billing and Parks & Recreation programs and Marina fees are all NOT working."

South Florida City Grapples with Ransomware Attack , Broward County

Breach Type – Unknown, Ransomware

GovTech.com
January 24th, 2022

“The city of Pembroke Pines has fallen victim to cyber criminals, becoming the latest in South Florida to be targeted in a rising wave of ransomware attacks.”
“The ransomware attack happened about Jan. 13, according to city spokeswoman Marianne Wohlert. The city so far won’t say which services were affected, but acknowledged the ransomware has “impacted our ability to access certain city computer systems.”
”City officials said the crime was reported to the FBI and U.S. Secret Service, which handles cyber crime. Pembroke Pines notified city commissioners about the cyber attack this week, indicating the city’s computers were only “down for a short period of time,” some commissioners said.”/li>
"Whether anyone’s personal data was breached is unclear. “Should our investigation determine that personal information was affected by this incident, we will provide notice to individuals as required,” Wohlert said.”

'Freeze your credit report': Cybersecurity experts advises after DEO security data breach, State of Florida

Breach Type – Unknown, Data Breach

ABC Action News
July 26th, 2021

“On July 16, 2021, the Department learned of a data security incident involving potentially fraudulent activity connected to claimant accounts within the Reemployment Assistance Claims and Benefits Information System, commonly known as CONNECT.”
“The Department discovered that malicious actors were targeting claimant accounts via the CONNECT public claimant portal. A total of 57,920 claimant accounts were targeted. These targeted accounts may have been accessed by an unauthorized party. This activity may have occurred between April 27, 2021, and July 16, 2021.”
“In response, the Department has: Locked accounts targeted by this activity; Improved PIN security controls; Enhanced network security controls; Notified impacted claimants; Notified the Department of Legal Affairs, Department of Management Services, including the Division of State Technology, and the Florida Department of Law Enforcement; Reported impacted accounts to the three U.S. credit reporting agencies; and Purchased a year’s subscription of identity protection services for affected claimants.”

20th Judicial District Public Defender’s Office servers, Lee County

Breach Type – Unknown, Malware

Fox 4
April 8th, 2021

Public Defender's office website taken down after malware attack
Still unclear at this point what malware variant the Defender's Office is dealing with
Phone lines are functional and the city's cyber security team is working to restore the website

City of Oldsmar Water Treatment Systems, Pinellas County

Breach Type – Hacking, Other

WTSP
February 8th, 2021

Bad actors were able to gain access to the water treatment plant and attempted to poison water supply
The remote access gained allowed hackers to bump the sodium hydroxide in the water to dangerous levels
Operators noticed the remote access and at first didn't notice the modifications hackers were making but were able to restore levels to normal

Florida Healthy Kids Corp., Leon County

Breach Type – Unknown, Data Breach

Becker's Hospital Review
January 29th, 2021

Members were being notified of a 7-year data breach that exposed the information of hundred of thousands of applicants
They were notified on Dec. 9th of potential breach which exposed the websites massive vulnerabilities
There has been no confirmation on the extent or manner in which the information was possibly used

Indian River County Systems, Indian River County

Breach Type – Unknown, Data Breach

TCPalm
October 27th, 2020

Cyberattack left county government without access to online payments and emails
Officials reassured the public that phone lines remained intact
Personal data and payment information also remained secure

Martin County website, Martin County

Breach Type – Hacking, Data Breach

TC Palm
September 25th, 2020

Bad actors gained access to three year old data; no request for money was made
The information was stated to be low level and does not contain any vital information, however no public release has been made about what the data specifically entailed
It is believed that the hack was not locally based

Polk County Tax Collector's Office, Polk County

Breach Type – Phishing, Malware

News Chief
June 25th, 2020

County tax collector's office systems were taken out in cyberattack
Bad actors utilized email phishing to trick county employees
Computers, telephones, online processing, and service center operations were taken out

10 Tampa Bay
July 15th, 2020

Driver's license information possibly leaked following cyberattack
IT personnel managed to mitigate the attack by disabling systems
Officials stated a lack of evidence showing the information was actually accessed

The Ledger
August 8th, 2020

Roughly 4,500 citizens were sent letters following cyberattack
Officials stated they provided the warning out of an abundance of caution
Residents with additional questions were directed to contact an assistance telephone line

City of Palm Bay Utilities Dept and Building Division, Brevard County

Breach Type – Hacking, Malware

The City of Palm Bay Florida
June 30th, 2020

City government utility system was hacked
IT personnel deactivated affected server
Server was sent to digital forensics firm

Town of Jupiter, Palm Beach County

Breach Type – Unknown, Malware

WFLX
March 23rd, 2020

Malware cyberattack used in hit against Florida town
Email and other online services were taken out
Officials forced to resort to traditional methods until repaired

MSSP Alert
April 13th, 2020

Town network, including email and online payment system, was victim of cyberattack
Bad actors encrypted and locked numerous files which caused parts of the network to shut down
Officials were forced to revert to computer backups while IT personnel restored services

Palm Beach Post
April 10th, 2020

Three weeks following a ransomware attack most services remain inoperable
Services that have been restored are email, utility billing and online payment, services for records requests and recreation programming
The ransomware attack originated from a Russian linked computer bug named REvil/Sodinokibi

City of Marathon, Monroe County

Breach Type – Unknown, Malware

Shelby Star
March 20th, 2020

Communications system hit in cyberattack
Email, internet, and more were affected
Officials continued to work on restoring systems

Port St. Lucie Parks & Recreation Department, St. Lucie County

Breach Type – Unknown, Malware

TCPalm
January 30th, 2020

Minimal information exposed following cyberattack using malware
Officials believed personal and financial information wasn't accessed
Online services remained available despite hit

Volusia County Library Systems, Volusia County

Breach Type – Unknown, Malware

News Journal Online
January 17th, 2020

Officials refused to disclose specifics of outage
Malware likely caused outage at public library
Officials only confirmed the outage occurred, and it was an IT issue

Pensacola City

Breach Type – Unknown, Ransomware

PNJ
December 9th, 2019

City communications hit in ransomware cyberattack
Officials remained uncertain about personal information breach
Online payment systems affected, 911 services remained unaffected

City of Ocala, Marion County

Breach Type – Phishing, Other

Spectrum News 13
October 24th, 2019

Phishing cyberattack used against Florida city
Officials tricked into thinking email from bad actor was legitimate
City officials confirmed they had paid the faux contractor

City of Port Orange, Volusia County

Breach Type – Hacking, Data Breach

Spectrum News 13
October 18th, 2019

City payment services downed in cyberattack
Officials refunded late charges related to downed services
System was suspended deliberately to mitigate damage

Dunnellon City Hall, Marion County

Breach Type – Phishing, Malware

Ocala Star Banner
September 24th, 2019

City in Florida was victim of phishing malware cyberattack
Virus was able to send city staff emails that included infected attachments
Officials believed only two computers had been infected

Lee County Government Systems, Lee County

Breach Type – Unknown, Malware

WinkNews
September 20th, 2019

County manager confirmed cyberattack in Lee County, advised it was under investigation
County IT disabled access to county website as direct response to cyberattack
Officials forced to utilize cellular communication while networks were down

City of Deerfield Beach, Palm Beach County

Breach Type – Hacking, Data Breach

Gemini Advisory
September 19th, 2019

Hackers exploited vulnerability in Superion’s Click2Gov Utility Bill Pay Systems affecting government entities across the U.S.
Over 20,000 records from eight cities in five different states have been offered for sale on the dark web
City of Deerfield Beach one of the eight cities impacted

City of Palm Bay, Brevard County

Breach Type – Hacking, Data Breach

Gemini Advisory
September 19th, 2019

Hackers exploited vulnerability in Superion’s Click2Gov Utility Bill Pay Systems affecting government entities across the U.S.
Over 20,000 records from eight cities in five different states have been offered for sale on the dark web
City of Palm Bay one of the eight cities impacted

City of Milton, Santa Rosa County

Breach Type – Hacking, Data Breach

Gemini Advisory
September 19th, 2019

Hackers exploited vulnerability in Superion’s Click2Gov Utility Bill Pay Systems affecting government entities across the U.S.
Over 20,000 records from eight cities in five different states have been offered for sale on the dark web
City of Milton one of the eight cities impacted

City of Coral Springs, Broward County

Breach Type – Hacking, Data Breach

Gemini Advisory
September 19th, 2019

Hackers exploited vulnerability in Superion’s Click2Gov Utility Bill Pay Systems affecting government entities across the U.S.
Over 20,000 records from eight cities in five different states have been offered for sale on the dark web
City of Coral Springs one of the eight cities impacted

City of Naples, Collier County

Breach Type – Phishing, Other

Fox4now
August 1st, 2019

City of Naples victim of cyber scam, losing $700k during attack
Bad actors claimed funds would be used for construction project
City admitted it was victim of cyber attack, worked with law enforcement

Napelsnews
August 2nd, 2019

City officials advised that data breach did not occur
$700k loss was part of sophisticated cyber scam
Money was paid to fake bank account believed to be contractor

Village of Palm Springs, Palm Beach County

Breach Type - Phishing, Ransomware

WPTV
June 20th, 2019

Village Manager confirms a cyber attack occurred about a year ago – Ransomware called Amnesia 3
Believed that phishing email compromised systems and allowed for injection of malware
Hackers split ransom into 3 keys and village paid for 2 out of 3 ~$1,200 worth of Bitcoin
Hired an IT Director and outside IT firm to prepare for any future attacks

City of Mexico Beach, Bay County

Breach Type - Unknown, Ransomware

WJHG
June 20th, 2019

During early April the City of Mexico Beach experienced a ransomware attack locking users out of their systems
One officer had managed to stop another cyber attack, IT professionals are directing the county to decryption services
After the attack the city had decided to renew their security systems and add several layers of defense

Village of Key Biscayne, Miami-Dade County

Breach Type - Unknown, Ransomware

Miami CBS Local
June 26th, 2019

Key Biscayne was one of many Florida cities to report a cyber attack on their networks
The security “event” was noticed and outside parties meant to aid in investigations were brought in

Ars Technica
July 1st, 2019

Key Biscayne is among 3 other governments joining Lake City on the list of places affected by the Ryuk ransomware
All three cases have shown the origin of the virus to be from employee mistakes as employees open links/attachments in emails
One concern is that Key Biscayne is one of the smaller communities, yet it has been targeted as well as larger groups almost four times in size

Lake City, Columbia County

Breach Type - Unknown, Ransomware

WCJB
June 10th, 2019

Lake City was targeted by a multi staged attack that combines several methods to target systems
Several systems have been compromised and no longer can be used including land lines
Emergency services are still operable and remain intact after all attacks

Cyware
June 11th, 2019

Public safety networks were protected and isolated with several layers such as encryption nets
Bill payments are no longer electronic and require paper receipts and hand written bills
Resorting to hand written bills for both utility and water payments has been used to aid in services

Action News Jax
June 25th, 2019

After several attempts to fix this situation Lake City has decided to try and pay $460,000 in ransom to regain systems
It has been discovered that an employee had corrupted the systems by opening an email that spread within the network

City of Gainesville Architect, Alachua County

Breach Type - Phishing, Malware

News4 Jax
April 17th, 2019

An employee had noticed several red flags following an email received
Details were amiss such as training dates not being expired and the email seemingly coming from a city architect
Once the correct contacts were made it was discovered that this was a large scale virus even going to the president of the US

Tallahassee City Manager’s Email, Leon County

Breach Type - Phishing, Malware

Tallahassee
April 4th, 2019

The city manager’s email was taken over and used to send out a Dropbox link
Within the link was a virus meant to compromise systems
This email that had originated externally does not have seemed to cause any everlasting effects

City of Tallahassee Payroll System, Leon County

Breach Type - Hacking, Other

Tallahassee
April 4th, 2019

200 employees weren’t able to receive their paychecks following a hack into city payroll systems
Direct deposits were denied as the attack internally caused damage
IT is looking into if the attack was truly contained and attempt to reinforce their systems

Florida Keys Community College, Monroe County

Phishing, Data Breach

PR Newswire
February 27th, 2019

The college is taking action after being exposed to an email campaign compromising several email accounts
Accounts that were exposed were looked into to determine what information was accessed
After investigation it was determined that sensitive personal information including social security was exposed

City of Pompano Beach, Broward County

Hacking, Data Breach

Sun Sentinel
February 23rd, 2019

Hackers accessed database of thousands of customer payment methods
Over 3,500 people were exposed after credit card company noted fraudulent charges
Tech department is consistently working to fix and patch issues as they arise

Town of Jupiter, Palm Beach County

Breach Type - Ransomware

CBS 12
December 17th, 2018

Computer systems were down during malware attack
Source of malware reportedly encrypted data, demanding money for return of the files
Town of Jupiter did not pay ransom
Files restored & affected systems brought back online

City of Green Cove Springs, Clay County

Breach Type - Phishing, Malware

Clay Today Online
November 14th, 2018

Phishing emails infiltrated several Clay county computers
Green Cove Springs employees opened malicious email attachments containing virus
Clicking the link allowed the virus to spread more

Florida Department of Health (Children’s Medical Services)

Breach Type - Phishing, Data Breach

PNJ
November 9th, 2018

Data breach potentially compromised information of patients in 4 Florida counties
Department of Health employee’s email account compromised by hackers
Affected employee’s login credentials reset to terminate any inappropriate access

City of Lake Worth, Palm Beach County

Breach Type - Other, Data Breach

WPTV
October 9th, 2018

City customers who payed online utility bills affected in data breach
Lake Worth advised those affected to monitor credit card bills for fraudulent charges
City vendor has taken steps to further neutralize the breach

City of St. Petersburg, Pinellas County

Breach Type - Other, Data Breach

St. Petersburg
October 2nd, 2018

Click2Gov informed city of malicious software found on server
Payment site immediately shut down to prevent access
Click2Gov pages used to accept credit card information had been breached

Reedy Creek Improvement District, Orange Co. & Osceola Co.

Breach Type - Phishing/Other

Orlando Sentinel
June 25th, 2018

Disney's government fell victim to email hacking scheme
Employee sent approximately $722,000 to faulty vendor
Orange County Sheriff reports that only $94,000 left unrecovered

City of Lake Worth, Palm Beach County

Breach Type - Other, Data Breach

My Palm Beach Post
June 21st, 2018

Click2Gov vulnerability affected utility customers of City of Lake Worth
Data breach hit customers throughout the 2017 year
One of longer Click2Gov breaches discovered of many cities hit

The Village of Wellington, Palm Beach Co.

Breach Type - Other/Vulnerability/Cryptojack

WPTV
June 8th, 2018

Unauthorized charges on citizens' credit cards lead to discovery of exploited vulnerabilities in Wellington's utility bill pay system
Similar vulnerability found in system used by Oxnard, California
Village of Wellington notifies potentially compromised residents

GovTech
June 14th, 2018

Hackers originally exploited vulnerability to crypto-mine Bitcoin cryptocurrency
Hackers expanded to include sophisticated skimmers to capture credit card numbers

City of Lake Worth Automatic Alert System, Palm Beach County

Breach Type - Phishing, Other

Gizmodo
May 22nd, 2018

Hackers infiltrated Lake Worth Automatic Alert system & changed alert messages
The culprits were responsible for reoccurring attacks since August 2017
Alerts went out to citizens were mainly pranks tainted with “zombie” related messages

My Palm Beach Post
October 10th, 2018

FBI and FCC attracted by zombie-hoax hack
Hackers gained access to notification alert system via email phishing
Lake Worth City email compromised & re-wrote message

Okaloosa County Water & Sewer Department, Okaloosa County

Breach Type - Other, Data Breach

Okaloosa County
March 12th, 2018

Several banks alerted the County to unauthorized charges on cards used to pay county water bills
Online payment system breached
System disabled until further secured

Lee County Tax Collector Email

Breach Type - Hack

Wink News
February 22nd, 2018

Tax collector's device compromised
Account was disabled
Spam emails sent out via tax collector's account
Office of Lee County has warned others about incident

Florida's Agency for Health Care Administration

Breach Type - Phishing

AP News
January 6th, 2018

Employee fell victim to malicious phishing email
Hackers potentially accessed private files of over 30,000 Medicaid Recipients
Administration has no reason to believe that information is being misused
Re-training employees on proper security protocol

City of Ormond Beach, Volusia

Breach Type - Other, Data Breach

Daytona Beach News-Journal
October 12th, 2017

City’s online payment system potentially breached
Police launched investigation
175 customers saw fraudulent activity on their payment cards
Superion web payment vendor notified of the issue

Leon County ISIS Propaganda

Breach Type - Hack

USA Today
July 6th, 2017

No valuable data compromised during hack
Propaganda, of North Korean Leader and ISIS, displayed on webpage for a few minutes
Hack on Leon County may be a random attack
Hacked by “Moroccan Islamic Union-Mail” - group that often hacks government website

Hillsborough Co, Pasco Co, Citrus Co, Clay Co, Volusia Co

Breach Type - Phishing

Tampa Bay Times
June 6th, 2017

Russian hackers aimed to break into computer systems before the 2016 Presidential Election
Five county officials reported they received malicious emails
No publicly disclosed evidence shows that the counties were breached
Unclear how many counties received malicious emails/were originally targeted

Florida Department of Agriculture and Consumer Services

Breach Type - Hack

WPTV
May 22nd, 2017

Hackers may have obtained info on 16,000+ concealed weapon owners
Data breach originated overseas
Of the affected weapon owners, 500 social security numbers were obtained
Active investigation into this case
Only those renewing permits online were affected

Marion County

Breach Type - Ransomware

Marion County Office
January 17th, 2017

County’s IT department claims multiple ransomware attacks launched
Each incident, considered isolated attacks, have been handled accordingly
Staff to block email attachments
IT will simulate phishing attempt training to employees of the count

City of Sarasota

Breach Type - Ransomware

My Suncoast
August 20th, 2016

Employee received email with ransomware
Data held hostage and systems offline
City refused to pay ransom, utilized IT department
Recovered most of the lost files

Palm Beach County Department of Health

Breach Type - Hack

Palm Beach Flordia Health
April 11th, 2016

Unauthorized access & possible misuse of information caused by hackers
All personal/financial information for clients of Palm Beach Co. Health Dep. potentially affected
Clients notified and advised to monitor credit information

Medical

4.2M Individuals Impacted by Healthcare Data Breach at Independent Living Systems, Miami-Dade County

Breach Type – Unknown, Data Breach

Health IT Security
March 16th, 2023

"March 16, 2023 - Miami, Florida-based Independent Living Systems (ILS) disclosed a healthcare data breach that impacted more than 4 million individuals, making it the largest reported healthcare data breach of 2023 to date. ILS is a business associate of Florida Community Care and HPMP of Florida. ILS provides “clinical and third-party administrative services to managed care organizations and providers that serve high-cost, complex member populations in the Medicare, Medicaid and Dual-Eligible Market,” its website states."
"ILS discovered that some of its systems were inaccessible on July 5, 2022 and immediately engaged cybersecurity specialists to respond to the incident. An unauthorized actor was able to access and acquire some information."
”Although the breach occurred between June 30 and July 5, 2022, ILS did not determine the scope of the breach until months later. ILS said it posted a preliminary breach notice on its website in September 2022 but did not complete its review of the affected information until January 2023."
”The data involved in the breach varied by individual but may have included names, addresses, Social Security numbers, financial account information, medical record numbers, Medicare or Medicaid information, mental and physical treatment information, food delivery information, dates of birth, driver’s license numbers, diagnosis codes, admission and discharge dates, billing information, health insurance information, and prescription information.”
”ILS takes this incident and the security of information entrusted to it very seriously,” the breach notice stated. “In response to this incident, ILS promptly took steps to mitigate any risk of compromise to individuals' information and better prevent a similar event from reoccurring. ILS remains committed to safeguarding the privacy and security of information in its possession.”

Another ransomware attack results in a HIPAA breach: Florida Medical Center,Broward County

Breach Type – Unknown, Ransomware

DataBreaches.net
March 11th, 2023

"In a notice issued yesterday, Florida Medical Clinic (“FMC”) confirmed that unauthorized individuals gained access to its computer network and used ransomware to encrypt files."
"FMC detected suspicious activity on January 9, 2023, and the incident was fully contained within hours. FMC states they were able to “proactively isolate the exposure.” DataBreaches has sent them an inquiry asking they accomplished that."
”There is no evidence that any of the accessed information has been improperly used, and Florida Medical Clinic has secured evidence that all of the stolen files were permanently deleted. We feel strongly that any information obtained was not used for malicious intent. Nevertheless, we are notifying you of this event.”
”the overwhelming majority of the files — over 95% — included only an individual’s name and no other personally identifiable information. The remaining files may have included information such as medical information, phone number, email address, date of birth, and address. Only 115 patient Social Security numbers were compromised."

Tallahassee hospital takes IT systems offline, postpones procedures after apparent cyber attack, Leon County

Breach Type – Unknown, Ransomware

Fierce Healthcare
February 4th, 2023

"Tallahassee Memorial HealthCare is diverting some emergency patients to other hospitals and canceling non-emergency surgical and outpatient procedures after an "IT security issue" occurred late Thursday."
"The healthcare provider, which operates a 772-bed hospital and multiple specialty care centers, also took its IT systems offline, according to a statement posted on its website Friday morning."
”Local media are reporting that the IT security breach is a suspected ransomware attack, citing sources with knowledge of the situation.”
”Staff have been unable to access digital patient records and lab results because of the shutdown, CNN reported, citing a hospital source.”
”Tallahassee Memorial HealthCare spokesperson Tori Lynn Schneider told CNN “some” emergency patients were being diverted to facilities outside of the organization’s network, but declined to say how many patients. All non-emergency and elective procedures scheduled for Monday were canceled because of the hacking incident, Schneider said.”

Hive Claims Responsibility for Nursing Home Chain Attack, Orange County

Breach Type – Unknown, Ransomware

GovInfo Security
January 9th, 2023

"A Florida-based nursing home chain with a checkered past says an unnamed third party vendor is responsible for a data breach incident. Ransomware-as-a-service group Hive says it directly targeted Consulate Health Care and posted online data including patient records, employee data and internal documents.”
“Consulate Health Care last week posted an online notice fingering "one of our vendors" for the breach. Hive, on its dark web leak site, says it went directly after the nursing home chain in the hopes of obtaining an extortion payment from what the group asserts is a $1 billion company.”
“Published data seen by Information Security Media Group does not appear to include the entire claimed data set but Hive added an additional link having a path extension that says "will be released in 3 days." The link currently resolves to a blank page.”

Lee County Emergency Medical Services Notifies Past Customers of Third-Party Security Breach, Lee County

Breach Type – Unknown, Data Breach

Data Breaches
August 15th, 2022

“Lee County Emergency Medical Services reports that on Aug. 4 staff received notification of a customer data breach related to a previous third-party vendor responsible for ambulance billing services."
“Of all the records the firm handled, less than 2% of the total may have been compromised."
"The county immediately worked with Intermedix and SGR to assist their efforts to notify those who are potentially impacted, as required by federal law. Impacted individuals should receive a letter in the mail within the next 14 to 21 days."

Dental Care Alliance Reaches $3M Proposed Settlement Over Healthcare Cyberattack, Sarasota County

Breach Type – Unknown, Data Breach

Health IT Security
August 10th, 2022

“The DCA breach was one of the largest healthcare data breaches of 2020. DCA detected anomalous activity within its environment on October 11 and later determined that hackers had maintained access to its network from September 18 to October 13."
“The information that was potentially accessed included names, treatment information, dental diagnoses, addresses, patient account numbers, employee names, employee identification numbers billing information, dentists’ names...".

PracticeMax Ransomware Attack Impacts 258k at FL Urgent Care Center, Hillsborough County

Breach Type – Unknown, Ransomware

SC Magazine
August 1st, 2022

“Fast Track Urgent Care Center, which has a network of urgent care centers in Tampa Bay, Florida, began notifying 258,411 individuals of a 2021 ransomware attack that originated at its billing vendor, PracticeMax."
“As previously reported, PracticeMax discovered suspicious activity on May 1 and later determined that a ransomware attack had occurred between April 17 and May 5."
“In October, both Humana and Anthem notified some members that their protected health information (PHI) had been exposed following the attack."

Data Breach at Florida hospitalist group affects more than 19,000 patients, Seminole County

Breach Type –Unkknown, Data Breach

Becker Hospital Review
June 17th, 2022

"Central Florida Inpatient Medicine is notifying patients of an email data breach after a cybersecurity incident that affected 19,625 people."
"From Aug. 21 to Sept. 17, 2021, an unauthorized party accessed an employee email account at the Lake Mary, Fla., hospitalist group, it said. It discovered the breach May 5."
"The account contained patients' personal and protected health information, including diagnoses and treatment records, and in a limited number of cases, Social Security numbers and financial account information, according to the company."
"The organization said the incident did not affect all of its clients and it has no evidence that any of the data has been misused."

Jackson County Hospital District notifying patients of data breach

Breach Type –Hacking, Data Breach

DataBreaches.net
February 12th, 2022

“Jackson County Hospital District (“Jackson Hospital”) is providing notice of a recent incident that may impact the privacy of some personal and/or medical information. Jackson Hospital is unaware of any misuse of individual information and is providing this notice out of an abundance of caution.”
“The preliminary internal investigation revealed several systems were potentially subject to unauthorized access…. the investigation confirmed an unknown actor accessed Jackson Hospital’s systems and took certain, limited data from its systems.”
“The types of personal information that may have been accessible to the unauthorized actor include: name, address, date of birth, contact information, Social Security number, medical history, medical condition or treatment information, medical record number, diagnosis code, patient account number, Medicare/Medicaid number, financial account information, and username/password.”

Jackson Hospital fends off recent ransomware attack, Jackson County

Breach Type – Unknown, Ransomware

WCTV
January 17th, 2022

“Jackson Hospital in Marianna fended off a ransomware attack earlier this month."
"IT personnel noticed a problem Sunday, January 9th. They said they couldn’t connect to the system doctors use to look up a patient’s medical history, and the hospital’s IT director realized it was infected with ransomware"
“We’re told the hospital was able to shut down their system before the virus spread throughout the entire hospital."
”It has not been determined whether hackers had stolen any data."

Fla. Hospital Admits Patient, Employee Data Was Hacked, Broward County

Breach Type – Hacking, Data Breach

GovTech.com
January 3rd, 2022

“Broward Health hospital announced Saturday that it was hit by a data breach this fall that exposed personal and medical data of some of its patients and employees, but just how many were affected was not made public.”
“Broward Health said the breach occurred on Oct. 15, 2021, when “an intruder gained entry to the Broward Health network through the office of a third-party medical provider permitted to access the system to provide healthcare services.”
“The hospital said it also hired a cybersecurity firm to investigate and a data reviews specialist to examine the extent of the breach, and the latter determined “some patient and employee personal information may have been impacted.”
“Broward Health said it is offering those affected access to a free, two-year monitoring system.”

447,000 patients exposed after phishing attack on Florida practice, Orange County, FL

Breach Type – Phishing, Data Breach

Becker Hospital Review
July 29th, 2021

"Orlando (Fla.) Family Physicians began notifying 447,426 patients that it was the victim of a phishing attack on its employee email accounts."
"On April 15, an unauthorized party accessed the email account of an employee by obtaining their user ID and password through a phishing email,"
"After the attack, the physician practice launched an investigation and found that three other employee email accounts had been breached. Within 24 hours, unauthorized access to each of the four email accounts was terminated, "
"the investigation determined that patient data in the email accounts may have been exposed. On July 9, the patients, prospective patients, employees and other people who had data in the email accounts were identified. Exposed data may include names, health insurance information, Social Security numbers, passport numbers and medical-related information."

Health Cyberattack Exposes PHI for 45k at Florida Heart Associates, Lee County

Breach Type – Unknown, Data Breach

Health Security
July 19th, 2021

"Florida Heart Associates is notifying over 45,000 individuals about a health cyberattack that exposed their protected health information."
“It is possible that our patients’ Social Security number, member identification number, date of birth, and health insurance information may have been seen or accessed,” a Florida Heart Associates’ press release states."
“Our investigation revealed that malicious actors may have gained access to our network between May 9 and 19, 2021,” it states. “FHA security systems diminished the impact of the intrusion; however, an unknown actor still gained access to company servers and may have obtained information within.”
“There has been no “indication that patient information has been misused by an unauthorized individual.”

Physicians Dialysis Provides Notification of Data Security Incident

Breach Type – Hacking, Data Breach

The Atlanta Journal-Constitution
June 28th, 2021

The cybersecurity experts engaged by Physicians Dialysis to investigate ultimately discovered evidence of unauthorized access to a Physicians Dialysis database.
Protected health information belonging to some current and former patients was contained in the affected database and potentially accessed.
This information included names, addresses, dates of birth, Social Security numbers, medical information, and/or health insurance or claims information.
Physicians Dialysis reported this matter to the FBI and will cooperate as necessary to hold the perpetrator accountable.

New COO Takes Over at The Villages Hospital as Ransomware Attack Freezes Computer

Breach Type – Unknown, Ransomware

Villages-News.com
June 3rd, 2021

A ransomware attack crippled computers at UF Health-The Villages Hospital.
Both hospitals have been forced to operate by pen and paper thanks to a ransomware attack which has shut down the computer system.
The attackers are reportedly demanding a $5 million ransom, although UF Health has not confirmed that number and remains tight lipped on the situation.

University of Miami Health, Miami-Dade County

Breach Type – Hacking, Data Breach

Becker's Hospital Review
March 26th, 2021

Ransomware attack on vendor Accellion compromised patient data
Breach appears to be limited to specific Accellion server and does not extend to the rest of U Miami Health systems
Investigation is ongoing

AdventHealth Medical Group Surgical Specialist, Hillsborough County

Breach Type – Unknown, Data Breach

Becker's Hospital Review
January 25th, 2021

Patient information compromised following cyberattack
Names, birth dates, addresses, etc among data
Healthcare provider will send letters explaining breach

Leon Medical Center, Miami Dade County

Breach Type – Unknown, Ransomware

Data Breaches
December 24th, 2020

Medical center was victim of ransomware cyberattack
Bad actors threatened to post the records of 1 million patients
Information leaked would include Social Security numbers, addresses, health insurance numbers, and photographs of the patients among others

UF Health, Alachua County

Breach Type – Unknown, Data Breach

Mainstreet Daily News
August 18th, 2020

The blackbaud breach had no sensitive information exposed
Many different systems were exposed in the Blackbaud breach
Exposure is forcing medical systems to notify patients and donors about breach

NCH Healthcare Systems, Collier County

Breach Type – Unknown, Data Breach

Naples Daily News
August 12th, 2020

Healthcare provider was victim of cyberattack involving a data breach
Names, addresses, and other information was leaked in the attack
Officials reassured patients that medical information remained intact

Cano Health LLC, Miami-Dade County

Breach Type – Phishing, Data Breach

Cano Health
June 12th, 2020

Bad actor's utilized phishing in elaborate cyberattack
Three employee accounts had been accessed without authorization
Names, dates of birth, Social Security numbers among leaked info

Becker's Hospital Review
June 24th, 2020

Investigation into cyberattack discovered three accounts accessed
Numerous emails contained private personal information
Nearly 30,000 people were affected by the cyberattack

Florida Orthopedic Institute, Hillsborough County

Breach Type – Unknown, Ransomware

Data Breaches
June 22nd, 2020

The institute notified the Californian Attorney General of the ransomware attack not including if any ransom was paid or what the attack entails
In attempts to protect their patients monitoring services have been offered to prevent misuse of the information
Sensitive patient information was exposed including but not limited to; Patient names, date of birth, social securities, and medial information

Cano Health LLC, Miami-Dade County

Breach Type – Hacking, Data Breach

Cano Health
June 12th, 2020

Three employee email accounts were used by bad actors to gain confidential information
Officials advised affected patients of the cyberattack, unsure of specific date
Dates of birth, names, Social Security information were all likely accessed

Advanced Urgent Care of the Florida Keys, Monroe County

Breach Type – Unknown, Ransomware

Data Breaches
March 14th, 2020

Bad actor known as "thedarkoverlord" utilized ransomware
Healthcare center didn't cooperate with bad actor
Provider had yet to publicly disclose breach of 14,000 patients' information

The Center for Facial Restoration, Broward County

Breach Type – Unknown, Ransomware

Beckers Hospital Review
January 10th, 2020

Bad actor threatened to release patient information
Numerous patients reported receiving ransom demands
FBI conducted investigation into incident

NCH Healthcare, Collier County

Breach Type – Phishing, Data Breach

Health IT Security
August 15th, 2019

NCH is facing an attack on its payroll systems discovered almost a month prior
It had been discovered that several employees had fallen victim because of the phishing scam
The employee data may have been potentially exposed, investigations continue in an effort to determine the extent of damage

Clearway Pain Solutions Institute, Escambia County

Breach Type - Hacking, Data Breach

Data Breaches
April 11th, 2019

A third party had accessed the institute’s EMR system leading patients to be notified
Following the attack all users have been analyzed with validations to access levels
To help prevent any fraud due to patient exposure, people have been offered a membership to protect individuals

AdventHealth Medical Group Pulmonary & Sleep Medicine, Lake County

Breach Type - Hacking, Data Breach

Click Orlando
February 14th, 2019

Sensitive patient information may have been exposed
A third party had hacked into the system and compromised security
Sensitive information regarding social security and more may have been compromised

FABEN Obstetrics and Gynecology, Duval County

Breach Type – Ransomware

Data Breaches
January 31st, 2019

The medical clinic was infected with ransomware
It was detected quickly but it has not been disclosed how it happened
Infected files were deleted even though there were no backups of some files

Family Physicians Group, Orange County

Breach Type - Phishing, Data Breach

Orlando Sentinel
December 29th, 2018

Family Physicians Group affected by hacking incident
Phishing attack on employee’s email account compromised personal health information
8,400 patients notified of data breach

Cancer Treatment Centers of America, Palm Beach County

Breach Type - Phishing, Data Breach

WFLA
December 6th, 2018

Cyber criminals targeted CTCA employees via phishing scheme
Personal information of 41,948 patients of Cancer Treatment Centers of America potentially compromised in data breach
Medical information and cancer types exposed in breach

Health First, Inc., Brevard County

Breach Type - Phishing, Data Breach

Data Breaches
November 12th, 2018

Health First, Inc. notified HHS of a breach that affected 42,000 patients
Health First employees fell victim to phishing scam which compromised customer information
Though cyber criminals did not appear interested in obtaining personal data – a limited number of emails viewed contained protected health information

Health Management Concepts, Inc., Palm Beach County

Breach Type - Ransomware

Office of Attorney General
August 22nd, 2018

HMC server compromised with malicious ransomware
Ransom paid in attempt to decrypt data
Confidential patient data inadvertently provided to hackers

Florida Agency for Persons with Disabilities, Leon Co.

Breach Type - Phishing/Data Breach

APD Cares
May 10th, 2018

Malicious phishing email compromised systems of Florida Agency for Persons with Disabilities
1,951 APD patients potentially affected in data breach
APD upgraded security systems to further prevent unauthorized access to private information

Florida Hospital Websites

Breach Type - Hack

Orlando Sentinel
May 3rd, 2018

Malware compromises 3 Florida Hospital websites: FloridaBariatric, FHOrthoInstitute, and FHExecutiveHealth
Websites taken offline to repair malicious software
Some sensitive patient data potentially at risk

Guardian Pharmacy of Jacksonville, LLC.

Breach Type - Hack

DataBreaches
April 13th, 2018

Hacker manipulated an employee email account
Obtained unauthorized access to limited patient information
A small group of individuals' financial records potentially accessed

St. Mark's Surgical Center

Breach Type - Ransomware

Health Data Management
August 25th, 2017

33,887 individuals potentially affected
No indication of improper use of patient's personal data
St. Mark's has taken multiple steps to protect data in the future
Offering potentially affected individuals identity protection and free credit monitoring

Greenway Health

Breach Type - Ransomware

DataBreaches
April 4th, 2017

Greenway Health working with law enforcement & FBI
No patient data has been exfiltrated or otherwise misused
Incident isolated to Tampa location

DataBreaches: Updates
May 1st, 2017

400 of Greenway Health client EHR services affected
At least half of the systems have been restored

Education

BlackCat ransomware group claims attack on Florida International University, Miami-Dade County

Breach Type –Unknown, Ransomware

The Record
April 11th, 2022

“The BlackCat (ALPHV) ransomware group says it has struck again, with Florida International University as their latest victim.”
“Today, a ransomware group posted that sensitive FIU data had been exfiltrated. We have been investigating and there is no indication thus far that sensitive information has been compromised. At this time, no further information is available,” the university said.”
“A spokesperson for the university did not respond to follow-up questions about the group’s claims. Cybersecurity experts who looked at the allegedly stolen data confirmed that it did include sensitive information from staff and students at the university.”

Broward County Public Schools, Broward County

Breach Type – Hacking, Ransomware

Miami Herald
March 31st, 2021

Threat actors demanded $40 million for the release of school district data
Compromised information includes students' and employees' SSNs, addresses, and dates of birth
The district has reported no intention of paying the ransom

Click Orlando
April 20th, 2021

Threat actors from Conti group published nearly 26,ooo stolen files after their demands were not met
Compromised information includes employee mileage reports, employee travel reimbursement forms, invoices for spring water, invoices for school construction work, payments to Broward Sheriff’s Office or local police departments, utility bills, and employee phone lists
Threat actors claim to have more information than what was published

Alachua County School District, Alachua County

Breach Type – Unknown, Data Breach

Data Breaches
March 31st, 2021

Vendor PCS Revenue Control System experienced data breach
The school district confirmed the legitimacy of a letter sent to families on Monday, March 29th
The vendor last worked with Alachua County School District in 2016

Polk County School District, Polk County

Breach Type – Unknown, Data Breach

WTSP
March 24th, 2021

Data breach occured in December 2019
Students' names, ID numbers, and dates of birth were potentially exposed
Impacted families have been offered free identity monitoring

Leon County Schools, Leon County

Breach Type – Hacking, Other

WTXL
March 16th, 2021

On the school's homepage negative messages were posted in a large orange banner for many to see
The post was removed from the website as soon as possible
There has been no indication that servers are at a larger risk and no other issues have been reported

Gulf Coast State College, Bay County

Breach Type – Phishing, Data Breach

WJHG
October 2, 2020

Students and employees received a letter stating that a hacker was able to gain access through an email scam
Letter stated that sensitive information was contained in emails that was exposed to bad actors
Upon discovering the attack IT was immediately contacted and outside forensic teams are being used to help restore normalcy to servers

Sumter County Public Schools, Sumter County

Breach Type – Phishing, Other

Orlando Weekly
January 26th, 2020

Bad actors scammed school out of $206,000
School employee entered banking information on bogus website
Federal authorities apprehended the suspects

Wakulla County School District, Wakulla County

Breach Type – Hacking, Ransomware

WCTV
September 20th, 2019

County School District hit with ransomware cyberattack that took down network
Insurance carrier paid ransom in bitcoin to attackers
Transportation, food service, and library program had all been affected

University of Florida (Student Government Websites), Alachua County

Breach Type – Hacking, Other: Website Defacement

WCJB
August 10th, 2019

There were various websites hacked associated with the university's website
Data on the websites was replaced with obscenities and political messages prompting the sites to be restored the same day

Monroe County School District, Monroe County

Breach Type - Ransomware

Miami Herald
September 12th, 2018

Monroe County School District fell victim to ransomware variant known as GandCrab
Ransomware encrypted data twice before Monroe fully recovered
There was no threat to student data

Florida Virtual School

Breach Type - Hack

Miami Herald
March 9th, 2018

More than 350,000 potentially affected associates of Florida Virtual School
More than 1,800 Leon County school teachers had had private financial info exposed in attack
Florida Virtual School discovered hack 2 years later, offering free identity protection services

Walton School District

Breach Type - Phishing

WJHG
March 21st, 2017

Walton School District employees fall victim to spear-phishing scheme
District implementing additional safeguard to ensure potentially affected individuals are protected
District notified employees, IRS, and local authorities
Thirty people potentially impacted by breach

Manatee County School District

Breach Type - Phishing

Bradenton Herald
February 10th, 2017

Employees of school district fall victim to spear-phishing scheme
Sent W-2 forms of all district employees to hackers
District's cyber insurance may help pay for costs of attack

Florida Cyber Attacks

Infrastructure Affected

Public Safety

Government

Medical

Education

Public Safety

Local Government

Medical

Education

Want the latest in
9-1-1 Cyber News?

Follow Us!

Florida Cyber Attacks

Infrastructure Affected

Public Safety

Government

Medical

Education

Public Safety

Local Government

Medical

Education

Want the latest in9-1-1 Cyber News?

Follow Us!

Want the latest in
9-1-1 Cyber News?