In February 2024 [5] [7], a data breach at the Los Angeles County Department of Public Health (DPH) exposed the personal information of over 200,000 individuals.
Description
Threat actors gained access to the login credentials of 53 employees through a phishing campaign [7], compromising names [3], dates of birth [1] [2] [3] [4] [5] [6] [7], medical records [1] [2] [3] [4] [5] [6] [7], Social Security Numbers [1] [2] [3] [4] [5] [6] [7], and financial details. The exposed data also included diagnoses, prescriptions [2] [4] [6] [7], medical record numbers [2] [4] [6] [7], Medicare/Med-Cal numbers [6] [7], and health insurance information [2] [4] [6] [7]. Immediate actions were taken, such as disabling affected email accounts [6], notifying law enforcement [1] [5], and implementing security enhancements [1] [3] [5] [7]. Impacted individuals are being informed through mail or the department’s website and are being offered one year of free identity monitoring services [1]. They are advised to review the accuracy of their medical records with their providers and take precautions against identity theft and fraud. Additionally, Ascension [1], a US healthcare provider [1], also faced a ransomware attack resulting in patient data exposure and service disruptions [1].
Conclusion
The data breach at the Los Angeles County Department of Public Health highlights the importance of cybersecurity measures in protecting sensitive information. While immediate actions were taken to mitigate the breach, impacted individuals are urged to monitor their personal information closely and take steps to safeguard against identity theft. The incident serves as a reminder for organizations to strengthen their security protocols to prevent future breaches and protect the privacy of individuals.
References
[1] https://www.infosecurity-magazine.com/news/los-angeles-health-data-breach/
[2] https://www.cbsnews.com/losangeles/news/personal-information-for-200000-people-possibly-leaked-after-hack-at-la-county-public-health/
[3] https://news.yahoo.com/news/more-200k-information-compromised-l-142517948.html
[4] https://www.aol.com/news/phishing-attack-hits-l-county-004118718.html
[5] https://www.smobserved.com/story/2024/06/14/news/phishing-attack-at-los-angeles-county-department-of-public-health-puts-sensitive-information-of-over-200000-people-at-risk/8340.html
[6] https://www.dailynews.com/2024/06/14/l-a-county-public-health-was-hacked-compromising-info-of-200000-people/
[7] https://securityaffairs.com/164585/data-breach/la-countys-department-of-public-health-dph-data-breach.html