TALLAHASSEE, Fla. – Florida officials acknowledged Friday that state servers appear to have been compromised by overseas hackers who gained entry by imbedding malicious code into networking software from a Texas-based software company, SolarWinds.
Two Florida officials who have knowledge of the matter but spoke on condition of anonymity because they were not authorized to speak publicly about it said the hackers apparently infiltrated systems of the Agency for Healthcare Administration, which runs the state’s Medicaid program, and other agencies.
It was unclear what information the hackers may have taken, the officials said.
“We will continue to review and monitor the situation,” the Florida Department of Management Services said in a statement to The Associated Press late Friday. “Florida, like many states, continues to coordinate with the U.S. Department of Homeland Security – Cybersecurity and Infrastructure Security Agency and additional federal, state, and local partners on all matters related to cybersecurity.”
Software from SolarWinds has been at the center of global worries over a spate of hackings into computer systems operated by government agencies and major companies. The intruders apparently exploited vulnerabilities in the company’s software.
SolarWinds had begun alerting 33,000 of its customers that an “outside nation state” — widely suspected to be Russia — had inserted malicious code into some versions of its Orion software. The software helps network administrators monitor the performance of their servers and systems.
The Florida officials were not prepared to discuss how serious the breach might have been amid conflicting statements and information from some companies involved in investigating the breach.
The officials said they were still trying to understand to what extent their systems were penetrated, whether any data was harvested and, if so, for what purpose.