Upwards of 200,000 people had their personal information compromised after a hacker targeted the Los Angeles County Department of Public Health.
The health department revealed the privacy breach on Friday; in their statement, officials said that the hacker was able to gain login credentials for 53 employees through a phishing email attack that was carried out between Feb. 19 and Feb. 20.
Once the phishing scheme was discovered, the health department disabled the impacted email account, reset and re-imaged the user’s devices, blocked websites that were part of the scheme and quarantined all suspicious incoming emails.
Public Health also implemented “numerous enhancements” to reduce exposure to similar email attacks in the future, including a one-year partnership with financial and risk advisory firm Kroll at no cost to affected clients.
Information that was potentially compromised includes Public Health’s clients, employees and other individuals’ first and last names, date of birth, diagnosis, prescription, medical record number or patient ID, Medicare of Medi-Cal number, health insurance information, Social Security Number and other financial information.
“Affected individuals may have been impacted differently and not all of the elements listed were present for each individual,” officials added. “While Public Health cannot confirm whether information has been accessed or misused, individuals are encouraged to review the content and accuracy of the information in their medical record with their provider.”
Anyone who may have been impacted by the phishing campaign will be notified by the health department by mail; for individuals who do not have a mailing address available, information is also posted on the department’s website.
In addition, officials have notified the United States Department of Health and Human Services’ Office for Civil Rights and other agencies as required by law.
For tips on how to protect your information, visit Public Health’s “Steps You Can Take to Protect Against Identity Theft and Fraud” fact sheet.
To see if your information was stolen, call the health department’s newly established dedicated call center at 1-866-898-4312 (available weekdays from 6 a.m. to 5 p.m.)