Site icon The Capitolist

Florida bolsters cybersecurity under new legislation

Gov. Ron DeSantis signed legislation to strengthen Florida’s cybersecurity by enhancing the capabilities of the state’s Cyber Florida center, focusing on developing technologies with military and civilian applications and supporting cybersecurity initiatives across state agencies.

Gov. Ron DeSantis signed legislation last week aimed at bolstering the state’s cybersecurity defenses.

The bill, passed unanimously by both chambers of the Florida Legislature, enhances the operational scope of the Florida Center for Cybersecurity, colloquially known as Cyber Florida, based at the University of South Florida. The measure orders Cyber Florida to expand its development of technologies with potential military and civilian applications.

“Over the last decade, cybersecurity has rapidly become a growing concern. Cyberattacks are growing infrequency and severity,” a House legislative analysis reads. “The bill adds the following new mission: conduct, fund, and facilitate research and applied science that leads to the creation of new technologies and software packages that have military and civilian applications and which can be transferred for military and homeland defense purposes or for sale or use in the private sector.”

Under the bill’s purview, Cyber Florida will provide voluntary support to state agencies like the Department of Management Services and the Florida Digital Service in various cybersecurity initiatives. It will also serve to enhance cybersecurity through training, professional development, and education for state and local government employees to help position the state as a leader in cybersecurity through education, research, and public-private partnerships.

The legislation comes as Florida has struggled to defend against digital attacks. Hospital ransomware attacks more than doubled between the years of 2016 and 2021, according to a study conducted in part by University of Florida (UF) Health dean of Public Health and Health Professions Beth A. Virnig.

“The finding that these attacks are becoming more frequent and more complex is particularly worrisome,” said David R. Nelson, President of UF Health.

UF Health dealt with a major data breach, revealing that 941 patients’ medical records between April 27, 2021, and July 21, 2022 had been cracked. An investigation into the incident determined that certain patient demographic information such as name, date of birth, mailing address, and phone number were accessed by hackers. In addition, medical record number, physician’s name, and limited clinical information may have been accessed or viewed. In some instances, the insurance group and subscriber or policy numbers may have also been involved.

Tampa General Hospital (TGH), one of Florida’s largest hospitals, announced last year that it suffered from a cybersecurity breach between May 12 and May 30, 2023, disclosing that an unauthorized third party accessed TGH’s network and obtained patient information. Similarly, HCA Healthcare, which has 46 hospitals in Florida, reported last year that approximately 11 million individuals nationwide may have had their personal information compromised by an identified data leak.

Following a similar attack, the U.S. Department of Health and Human Services launched an investigation into a suspected ransomware attack against Tallahassee Memorial Healthcare in April 2023 that reportedly compromised the personal data of more than 20,000 individuals.

Outside of the healthcare sphere, BlackCat, a ransomware organization, claimed responsibility for a cybersecurity breach of Florida’s First Judicial Circuit. Per the group, it gained access to personal data and a network map of the court’s systems with local and remote service credentials. In a blog post following the breach, BlackCat threatened to leak 2 terabytes of confidential information.