Phishing attack may impact LA County health data

The Los Angeles County Health Department reports that it was the victim of a phishing attack in February that may have stolen the personal information of approximately 200,000 clients, employees and others.

A statement posted on the agency’s website last week said the incident, which occurred between February 19 and 20, compromised the email credentials of 53 employees.

“In this case, DPH employees clicked on the link in the body of the email, thinking they were accessing a legitimate message from a trusted sender,” the agency said in a statement.

Perpetrators may have accessed a range of information in employees’ emails, including customer names, birth dates, diagnoses, prescriptions, medical record numbers/patient IDs, Medicare/Medi-Cal numbers, health insurance data, Social Security numbers, and financial information.

“DPH has implemented numerous enhancements to reduce our vulnerability to similar email attacks in the future,” the department said. “Upon discovery of the phishing attack, we acted quickly and disabled the affected email accounts, reset and reimaged user devices, blocked websites identified as part of the phishing campaign, and quarantined all suspicious inbound emails.”

The DPH is working with law enforcement to investigate the incident and said it “will notify the U.S. Department of Health and Human Services Office for Civil Rights and other agencies as required by law and/or contract.”

This story first appeared in Industry Insider – CaliforniaPart of e.Republic, Government Technology parent company.