LA County Health Services data breached due to phishing attack

TLDR:

• Phishing attack compromised personal and health data of individuals in Los Angeles County Department of Health Services.
• 23 employees had their email accounts infiltrated, containing sensitive patient information.

Individuals receiving healthcare across Los Angeles had their personal and health data compromised following a successful phishing attack against Los Angeles County Department of Health Services, which is the second largest U.S. public healthcare system, in February. Malicious phishing emails delivered between Feb. 19 and 20 enabled attackers to infiltrate the email accounts of 23 employees, which contained patients’ names, birthdates, home and email addresses, phone numbers, medical record numbers, client identification number, medical details, and health plan information, as reported by LA County Health Services. Fortunately, no Social Security numbers and financial data were compromised in the incident.

The breach has already been remediated through a reset of all impacted employee email accounts and more extensive screening of suspicious emails. While there have been no reports of misuse of the exposed data, impacted individuals have been urged to verify their medical records with their health providers to ensure the security of their information.

Related Stories:

• Kaiser Permanente notifies 13.4M patients of potential data exposure
• Microsoft credentials targeted by phishing campaign using Autodesk Drive
• FTC sends $5.6M in refunds to Ring users impacted by unwanted access, hacks