Philadelphia city employees' emails compromised in a hack dating back to 2023

Philadelphia judge rejects union's request to delay Mayor Cherelle Parker's Back-to-office plan

PHILADELPHIA (CBS) -- An unknown number of city employees' emails were compromised in a hack dating back to 2023, the City of Philadelphia announced in a press release in late June. 

According to the release, on May 24, 2023, the city noticed suspicious activity in its email system. The city then commissioned a third-party cybersecurity team to investigate the irregular activity. 

Cybersecurity investigators found that sometime between May 26 and July 28, 2023, an "unauthorized actor may have gained access to certain city email accounts and certain information contained therein."

The city said they honed in and reviewed which email accounts were potentially impacted to further determine what information was accessible in the hack and whom it regarded.

Philadelphia's Department of Behavioral Health and Intellectual disAbility Services mailed a notice to the people whose classified health information was potentially affected in the hack.

On June 12, 2024, the city finished the final steps of its "comprehensive, programmatic and manual review" of the possibly impacted email accounts and is working to notify the employees whose information was accessible.

To ensure a situation of this nature doesn't happen again, the city said they've taken steps to further secure their systems and emails. According to the release, they're also adding more administrative and technical safeguards to keep information safe, reviewing current policies and procedures, and making email security informational training available. 

What information was affected in the hack?

According to the city officials, the information taken varies from person to person but could include Pennsylvania residents' names, dates of birth, driver's licenses, Social Security numbers, financial account information, medical information, health insurance information, medical billing/claims information and occupational health-related information. 

What can people impacted by the hack do?

Officials urge city employees whose information was accessible in the hack to remain vigilant against identity theft incidents. Review account statements, credit reports and explanations of benefit forms for any sort of unusual activity to suss out errors. 

As always, it's critical to report any suspicious activity, whether this be to your insurance company, health care provider, bank or other institution.

Anyone with questions is asked to call the assistance line at 1-866-898-0867, which is available Monday through Friday 9 a.m. to 6:30 p.m., or email the city at HIPAAPrivacy@phila.gov.

Read more
f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.