Los Angeles County Division of Public Well being (DPH) has disclosed a knowledge breach impacting greater than 200,000 people.
The info stolen contains private, medical and monetary info.
The incident, which befell between February 19 and 20, 2024, was brought on by an attacker gaining the log-in credentials of 53 Public Well being workers via a phishing e mail.
The native authorities division, which serves the roughly 10 million residents of LA County, mentioned the data recognized within the compromised e mail account might have included the next DPH shoppers/workers/different people’ knowledge:
- First and final identify and date of start
- Prognosis and prescription info
- Medical document quantity/affected person ID
- Medicare/Med-Cal quantity
- Medical insurance info
- Social safety quantity and different monetary info
Affected people might have been impacted otherwise and never the entire components listed have been current for every particular person.
All probably impacted people are being notified by publish. For these the place a mailing handle shouldn’t be accessible, Public Well being can be posting a discover on its web site to supply info and sources.
The DPH mentioned: “Whereas Public Well being can not affirm whether or not info has been accessed or misused, people are inspired to evaluate the content material and accuracy of the data of their medical document with their medical supplier.”
Impacted people are additionally being provided one yr of free identification monitoring from Kroll.
Regulation enforcement has investigated the incident and the US Division of Well being and different businesses are being notified as required by regulation and/or contract.
Incident Brought on by Phishing Assault
The DPH mentioned it has applied “quite a few enhancements” to its safety posture to stop comparable phishing assaults occurring sooner or later.
Upon discovering the assault, the division disabled impacted e mail accounts and reset and re-imaged the customers’ gadgets.
Moreover, all web sites that have been recognized as a part of the phishing marketing campaign have been blocked and all suspicious incoming emails quarantined.
The well being service added that it has distributed consciousness notifications to all workforce members to remind them to be vigilant when reviewing emails, particularly these together with hyperlinks or attachments.
On June 12, it was revealed that US non-public healthcare supplier Ascension was compromised by ransomware attackers after an worker accidently downloaded a malicious file.
The incident led to ambulances being diverted and affected person appointments postponed, and it’s believed the attackers stole information containing protected well being info (PHI) and personally identifiable info (PII) of sufferers.
Learn right here: Hundreds of thousands of Individuals’ Information Doubtlessly Uncovered in Change Healthcare Hack
