Florida Department of Health says security incident impacted over 725,000 individuals

The Florida Department of Health said it experienced a significant data security incident in June that compromised the sensitive personal information of more than 725,000 individuals.

 

In a notice of data security incident posted on its website, the state health department said that on June 26, it identified a security breach in its internal network that involved threat actors gaining unauthorised access to some of the department’s confidential data.

 

The department immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also notified relevant law enforcement authorities and referred the matter to the Florida Department of Law Enforcement for investigation.

 

“The forensic cyber investigation revealed that unauthorised activity occurred on June 26, 2024,” the department said. “The security breach in our network resulted in the unauthorized access of personal identifying and/or protected health information.”

 

The compromised data included names, dates of birth, addresses, Social Security Numbers, banking information, credit card information, driver’s license numbers, passport numbers, military identification numbers, Nexus numbers, medical and dental history, medication/prescription information, provider/doctor/care coordinator names, insurance claim information, insurance coverage information, and passwords.

 

In a filing with the U.S. Department of Health and Human Services Office for Civil Rights, Florida Department of Health said it has identified approximately 729,699 individuals whose data was accessed during the data security incident.

 

“As soon as the Department became aware of the breach, we promptly shut down the affected networks and isolated the compromised servers while implementing enhanced security measures to prevent further unauthorised access,” the department added. “We have notified both the Office of Legal Affairs and the U.S. Department of Health and Human Services’ Office of Civil Rights about the incident.”

 

The department has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Kroll to all affected individuals.