The Los Angeles County Department of Public Health recently experienced a phishing attack that put the personal data of over 200,000 individuals at risk. A hacker obtained log-in credentials for 53 employees through a phishing email between February 19 and 20. Upon detecting the breach, the health department took immediate action by disabling affected email accounts, resetting and reimaging devices, blocking suspicious websites, and quarantining questionable incoming emails.
In response to the incident, notifications were circulated to all staff members to increase awareness when reviewing emails, particularly those containing links or attachments. Law enforcement was alerted and an investigation was conducted. The compromised email accounts may have contained sensitive information such as names, birthdates, diagnoses, prescriptions, medical record numbers, Medicare/Med-Cal numbers, health insurance details, Social Security Numbers, and other financial data. Not all individuals may have had all these elements in their accounts.
The department has taken several steps to address the incident. Impacted individuals will receive notifications by mail while those without mailing addresses will find relevant information and resources on the department’s website. The incident has been reported to the U.S. Department of Health & Human Services’ Office for Civil Rights as well as other mandated agencies. To minimize susceptibility to similar email attacks going forward, the health department has implemented additional measures such as using multi-factor authentication for email accounts and providing regular training to staff on cybersecurity best practices.
Although it remains uncertain whether the breached information was accessed or exploited, individuals are advised to verify the accuracy of their medical records with their healthcare providers to assuage concerns about potential identity theft or fraudulent activity related to their personal data. Kroll has been enlisted by the department to offer one year of complimentary identity monitoring services to affected clients in an effort to mitigate any potential risks associated with this cybersecurity incident.
Overall this incident highlights the importance of being vigilant when receiving emails from unknown sources and taking necessary steps promptly in case of a security breach
