Hackers steal $3.6 million from mental health organization in Florida

A non-profit organization providing mental health services in central Florida fell victim to a cyber attack that resulted in the theft of $3.6 million, as revealed by the local media Tampa Bay Times.

The theft occurred in October 2023, but it came to light recently following a report from the Orange County Sheriff's Office.

Cybercriminals managed to access the bank accounts of Central Florida Cares Health System, an organization contracted by the state to provide behavioral health services in the counties of Brevard, Orange, Osceola, and Seminole, where a significant Cuban-American community resides.

The incident occurred after an employee of the organization, having cleared her computer's cache, searched for the bank's name on Google and, unknowingly, entered the institutional credentials on a fraudulent site.

With that information, the hackers accessed the legitimate bank site and transferred the funds to unauthorized accounts. They also attempted to steal another 1.5 million dollars, but that attempt was thwarted.

The authorities, including the Secret Service, have launched an investigation. A woman in Texas has been charged with money laundering related to the case.

The executive director of Central Florida Cares, María Bledsoe, confirmed that they managed to recover 1.9 million dollars through insurance policies and assured that the incident did not affect the continuity of services.

"These individuals have become so clever and creative", Bledsoe stated while reporting on the implementation of new security measures, including bank changes, enhanced authentication, and additional training for their staff.

This is not an isolated case. Since July 2023, at least 35 health organizations in Florida have reported data breaches, compromising the information of more than 6.7 million patients, according to federal records.

Just last month, DermCare Management and Apollo Medical Supply reported separate breaches that exposed the information of over 4,000 patients.

Moreover, among those affected are the General Hospital of Tampa and providers such as Thriving Mind South Florida, which reported the potential exposure of sensitive data for 225,000 patients, including Social Security numbers and medical records.

The Florida Department of Health was also a victim of hackers last year. Cybercriminals published over 20,000 files on the dark web detailing HIV test results, detailed medical notes, and vaccination and virus test records, adds Government Technology.

In statements to the Tampa Bay Times, Hossain Shahriar, associate director of the University of West Florida Cybersecurity Center, warned that the healthcare sector often lags behind in technological investments and that many institutions continue to use vulnerable operating systems.

Cubans at risk?

In August 2024, a massive hack was revealed that exposed 2.7 billion records of residents in the U.S., potentially including thousands of Cubans living in the country. The breach, which included Social Security numbers and addresses, left many vulnerable to identity theft.

Given the large number of Cuban-Americans in Florida, especially in areas like Miami, Orlando, and Tampa, experts recommend that this community take extra precautions: monitor their credit reports, avoid opening suspicious emails, and stay informed about potential fraud.

Frequently Asked Questions about the Cyberattack on Central Florida Cares Health System