The Los Angeles County Department of Health Services announced Friday that a phishing attack in February allowed a hacker to gain login credentials of an employee, which may have compromised the personal information of about 47,000 people.
The attack through phishing email took place on Feb. 6. After discovering the breach, the health services department said it disabled the impacted e-mail account, reset and re-imaged the user’s devices, blocked websites that were identified as part of the phishing campaign and quarantined all suspicious incoming e-mails.
Additionally, notifications were distributed to all workforce members to remind them to be vigilant when reviewing e-mails, especially those including links or attachments. Law enforcement was notified and they investigated the incident, according to DHS.
The information identified in the potentially compromised email account may have included full name, date of birth, home address, phone number, e-mail address, Social Security number, government-issued ID, medical record number, health insurance information and/or medical information.
The health services department is notifying impacted individuals by mail. For individuals where a mailing address is not available, the department is also posting a notice on its website to provide information and resources. DHS said it is also notifying the U.S. Department of Health & Human Services’ Office for Civil Rights and other agencies as required by law and/or contract.
DHS said it has implemented numerous enhancements to reduce exposure to similar e-mail attacks in the future.
While the department cannot confirm whether information has been accessed or misused, individuals are encouraged to review the content and accuracy of the information in their medical record with their medical provider.
Related Articles
What’s left for the Supreme Court to decide? Here’s the list.
AT&T must keep providing landline service, regulator rules
Car dealerships across US halt services after cyberattack
Solar window company bringing its US headquarters to California
Power demand expected to double by 2040 thanks to AI and EVs, PG&E’s CEO says
To help relieve concerns following the incident, the department said it has secured the services of an identity monitoring service to assist those affected with credit monitoring, fraud consultation and identity theft restoration.
Last week, the L.A. County Department of Public Health announced that a phishing attack also in February allowed a hacker to gain login credentials of 53 employees, compromising the personal information of more than 200,000 people.