/cloudfront-us-east-1.images.arcpublishing.com/pmn/GNME7ZXP7FA23AIFL4VN7BGM34.jpg)
On Feb. 19 and 20, the Los Angeles County Department of Public Health fell victim to a sophisticated phishing attack that compromised personal information belonging to more than 200,000 individuals. During the attack, a threat actor gained access to the credentials of 53 public health employees, leading to the breach of sensitive data.
According to Dror Liwer, co-founder of cybersecurity company Coro, phishing attacks often target well-meaning employees who inadvertently fall into the criminal’s trap. Many traditional anti-phishing tools are not equipped to handle complex attacks like this one.
In response to the incident, the department took immediate action by disabling affected email accounts, resetting and reimaging user devices, and blocking websites associated with the phishing campaign. Law enforcement was notified, and an investigation began to assess the potential impact of the compromised email accounts, which may have contained sensitive information like names, dates of birth, medical diagnoses, and Social Security numbers.
While the department cannot confirm if any information was accessed or misused, affected individuals are advised to review their medical records for accuracy. Public Health is offering one year of identity monitoring service through Kroll to those impacted by the breach. Affected individuals will receive notifications by mail, and anyone concerned about their information can reach out to 1-866-898-4312 between 6 a.m. and 5 p.m. Pacific time for assistance.
