The personal data of more than 200,000 people in Los Angeles County was potentially compromised after a phishing attack allowed hackers to steal login credentials from 53 public health employees.
What happened
Hackers conducted a sophisticated phishing campaign targeting Los Angeles County Department of Public Health employees, compromising 53 email accounts and potentially exposing the data of over 200,000 clients, employees, and other individuals. The phishing emails, sent on February 19 and 20, were crafted to appear legitimate, containing links to malicious websites to trick employees into providing their login credentials. Hackers then accessed these email accounts with sensitive information, including names, birth dates, medical diagnoses, prescription information, medical record numbers, Social Security numbers, and health insurance details.
Following the discovery of the breach, the department disabled affected email accounts, reset user devices, blacklisted phishing websites, and quarantined suspicious emails. Additionally, the workforce was re-educated on email security risks, and multiple enhancements were made to improve overall email security.
In the know
A phishing attack, like the one that targeted the Los Angeles County Department of Public Health, involves cybercriminals sending deceptive emails or messages that appear legitimate to trick recipients into divulging sensitive information. These hackers masquerade as trustworthy entities, exploiting human trust to gain unauthorized access to systems or steal personal data.
Healthcare organizations are a prime target for attackers, who can use the stolen data for identity theft, insurance fraud, and other malicious activities.
Go deeper: What is a phishing attack?
What was said
“While Public Health cannot confirm whether information has been accessed or misused, individuals are encouraged to review the content and accuracy of the information in their medical record with their medical provider,” states the County of Los Angeles Public Health news release.
Affected individuals are also offered free identity monitoring for one year “to help relieve concerns and restore confidence following this incident...”
Furthermore, affected individuals are recommended to take the following steps against identity theft and fraud:
- Review and monitor their medical information with healthcare providers, checking benefit statements for unfamiliar services.
- Request free annual credit reports from Equifax, Experian, and TransUnion by visiting www.annualcreditreport.com or calling 1-877-322-8228 to order reports directly.
- Place a fraud alert on credit files, prompting creditors to verify their identity before issuing credit.
- Request a security freeze on credit reports to prevent unauthorized access.
The bottom line
In response to the data breach, affected individuals should enroll in the complimentary identity monitoring service provided and review their medical records and insurance statements for unauthorized activity. Additionally, affected individuals should consider placing a credit freeze on their accounts to prevent further misuse of their personal information.
