Personal data may have been stolen after a phishing attack, which gave a hacker access to the emails of GGD employees.
The breach took place between February 19 and 20. The Los Angeles County Department of Public Health said the hacker obtained the login credentials of 53 employees thanks to the phishing email. The attack compromised the sensitive information of more than 200,000 people.
It’s unclear what information the hacker was about to access and store, but authorities believe it may have included:
- First and last name
- Date of birth
- Diagnosis
- Recipe
- Medical record number or patient ID
- Medicare or Med-Cal number
- Information about health insurance
- Citizen service number
- Financial information
DPH will contact those affected by the mail. Those without a mailing address can access a notice on the department’s website that provides information and resources.
The department disabled the email accounts affected by the phishing attack, reset and reimaged devices, blocked websites identified as part of the phishing campaign, and quarantined all suspicious incoming emails.
Public Health has also hired a company to monitor the identities of affected clients for free for a year. The department claimed to be making numerous changes to reduce the chance of further phishing attacks. In addition, employees have been informed about how they can prevent phishing attacks.
