​The Los Angeles County Division of Well being Companies disclosed an information breach after sufferers’ private and well being info was uncovered in an information breach ensuing from a current phishing assault impacting over two dozen staff.
This built-in well being system operates the general public hospitals and clinics in L.A. County (essentially the most populous county in the US) and is the second largest public well being care system within the nation after NYC Well being + Hospitals.
As revealed in knowledge breach notifications despatched to an undisclosed variety of probably affected people, 23 staff had their credentials stolen in a February assault.
“Between February 19, 2024, and February 20, 2024, DHS experienced a phishing attack. Specifically, a hacker was able to gain log-in credentials of 23 DHS employees through a phishing e-mail,” the notifications revealed.
“In this case, the DHS employees clicked on the link located in the body of the e-mail, thinking that they were accessing a legitimate message from a trustworthy sender.”
Paperwork and e-mails within the compromised mailboxes included sufferers’ private and well being info, together with a mix of:
- first and final title, date of beginning, dwelling deal with, cellphone quantity(s), e-mail deal with, medical report quantity, shopper identification quantity, dates of service
- medical info (e.g., analysis/situation, therapy, check outcomes, medicines),
- and/or well being plan info.
Affected people could have been impacted otherwise, and the info saved within the breached e-mail inboxes didn’t embody Social Safety Numbers (SSNs) or monetary info.
After discovering the breach, L.A. County Well being Companies disabled the impacted e-mail accounts, reset and re-imaged the compromised staff’ gadgets, and quarantined all suspicious incoming e-mails. It additionally circulated consciousness notifications to all staff, reminding them to all the time be vigilant when reviewing e-mails, particularly these with attachments or hyperlinks.
The well being system may also notify the U.S. Division of Well being & Human Companies’ Workplace for Civil Rights, the California Division of Public Well being, and different related businesses of the info breach.
Moreover, though no proof was discovered throughout the investigation that the attackers accessed or misused the uncovered private and well being info, L.A. County Well being Companies advises affected sufferers to contact their healthcare suppliers to confirm the content material and accuracy of their medical data.
BleepingComputer reached out to an L.A. County Well being Companies spokesperson with extra questions in regards to the incident, however a response was not instantly accessible.
