Personal information for 200,000 people possibly leaked after hack at LA County Public Health
Personal information was possibly stolen after a phishing attack, which allowed a hacker to access Public Health employees' emails.
The breach happened between Feb. 19 and Feb. 20. The Los Angeles County Department of Public Health said the hacker got the log-in credentials for 53 employees because of the phishing email. The attack compromised the sensitive information for more than 200,000.
It's unclear what information the hacker was about to access and store, but authorities believe it may have included the following:
- First and last names
- Date of birth
- Diagnosis
- Prescription
- Medical record number or patient ID
- Medicare or Med-Cal number
- Health insurance information
- Social Security Number
- Financial information
DPH will contact the people affected by mail. Those without a mailing address can access a notice on the department's website which will provide information and resources.
The department disabled the email accounts impacted by the phishing attack, reset and re-imaged devices blocked website that were identified as part of the phishing campaign and quarantined all suspicious incoming emails.
Public Health also hired a company to monitor affected clients' identities for one year and for free. The department claimed to implement numerous changes to lessen the chance of further phishing attacks. Additionally, employees have been briefed on how to avoid phishing attacks.
