The County of Los Angeles’ Department of Public Health (DPH) has disclosed a data breach impacting the personal information of 200,000 individuals.
The incident, DPH announced on Friday, occurred between February 19 and February 20, 2024, after an employee fell victim to a phishing attack that led to the compromise of 53 Public Health employees’ login credentials.
“Upon discovery of the phishing attack, Public Health disabled the impacted email accounts, reset and reimaged the user’s device(s), blocked websites that were identified as part of the phishing campaign and quarantined all suspicious incoming emails,” the public health agency said.
Using the compromised credentials, the attackers gained access to personal information such as names, birth dates, Social Security numbers, diagnosis, prescriptions, health insurance information, patient IDs, medical record numbers, Medicare/Med-Cal numbers, and other financial information.
“Affected individuals may have been impacted differently and not all of the elements listed were present for each individual,” the agency announced.
DPH is mailing notification letters to impacted employees and clients, as well as to other individuals who might have been impacted by the data breach. A copy of the letter was submitted to the California Attorney General’s Office.
“While Public Health cannot confirm whether information has been accessed or misused, individuals are encouraged to review the content and accuracy of the information in their medical record with their medical provider,” DPH said.
The public health agency is providing the affected individuals with one year of free credit and identity monitoring services.
The phishing attack impacted other Los Angeles County health agencies as well. In April, the county’s Department of Health Service announced that the personal information of over 6,000 people was compromised after the attackers accessed the email accounts of 23 DHS employees.
In May, the Los Angeles County Department of Mental Health revealed that roughly 1,600 individuals were impacted after one of its employees fell victim to a phishing attack on March 20.
Related: Autodesk Drive Abused in Phishing Attacks
Related: 750k Impacted by Frontier Communications Data Breach
Related: Boat Dealer MarineMax Confirms Data Breach
Related: Marina Bay Sands Discloses Data Breach Impacting 665k Customers
