The Florida Department of Health has confirmed a significant data breach, giving hackers access to personal information including names, social security numbers and medical records.
Floridians have started getting letters in the mail informing them of the June 26 cyberattack and of the specific items that may have been compromised.
Watch NBC6 free wherever you are
"The security breach in our network resulted in the unauthorized access of personal identifying and/or protected health information, such as a client’s name, date of birth, address, Social Security Number, banking information, credit card information, driver’s license number, passport number, military identification number, Nexus number, medical and dental history, medication/prescription information, provider/doctor/care coordinator name, insurance claim information, insurance coverage information, and passwords,” the department said Wednesday. “The personalized letters sent to each individual by the department include specific details regarding each individual's impacted personal data."
A known hacking group got access to the data and demanded a ransom. However, Florida has a policy of not paying ransom to criminals who pull off these types of crimes.
Get local news you need to know to start your day with NBC 6's News Headlines newsletter.
"No state agencies municipalities, anybody that is in government in the state of Florida, can pay the bad guys the ransom, so now the bad guys had no choice but to say, you know what, if you’re not going to pay us, we are just going to release this and sell it out to the public," cybersecurity expert Reginald Andre said.
Florida law states a state agency should notify a client of a data breach within 30 days. That notification can be delayed if it interferes with the investigation.
Andre said any delay works against the consumer.
Local
"They need to do a blast out, to all of the residents and consumers, and say, look, this is happening, be careful, at least, at the minimum saying that, that would help so much," Andre said.
Because of the breach, the state is working with the company Kroll to offer complimentary identity and credit monitoring services for 12 months.
If you have received a letter from the health department regarding the breach, log on to the website Kroll.com for more information on monitoring services.