
According to Los Angeles County, 25 departments were affected by the phishing incident in February

A large-scale phishing campaign in February succeeded in infiltrating several departments of the Los Angeles County government, officials told Recorded Future News.

In total, 25 of the county’s 38 departments were affected, but only two health departments issued public notices. According to a county spokesperson, they were the only ones required to do so under California law because each incident compromised the personal or health information of more than 500 people.

Both the Ministry of Health and the Ministry of Health have disclosed these breaches in recent months, stating that the phishing incidents occurred between February 19 and 20.

A spokesperson for the Department of Health said the accounts of a total of 283 district employees in the 25 affected departments were affected by the phishing campaign. District officials declined to provide further information on data that may have been stolen from the non-medical departments.

“The incident is being investigated by the Los Angeles County District Attorney’s Office Cybercrime Investigation Unit,” the district spokesman said, but declined to answer questions about which other departments were affected or whether the public would ever be informed of the attack.

Los Angeles County is the most populous county in the United States, with nearly 10 million residents in the city of Los Angeles and several other cities.

“Clicked on the link”

The phishing campaign most recently drew public attention about a week ago, when the Ministry of Health informed regulators that hackers had stolen the login credentials of 53 Ministry of Health employees in February and used them to access the data of over 200,000 people.

The stolen information included names, dates of birth, social security numbers, diagnoses, prescriptions, medical record numbers, Medicare numbers, health insurance information, and financial data.

The agency registers birth and death certificates and runs dozens of programs on a variety of topics, including disease control and prevention and substance abuse.

In April, BleepingComputer reported on the data breach at the Department of Health, which operates the county’s public hospitals and clinics. The phishing campaign resulted in hackers obtaining the login credentials of 23 health department employees. The incident reportedly affected the data of more than 6,000 people.

Separately, in data breach notification letters sent to victims last week, the Department of Health said that department employees “clicked on the link in the body of the email thinking they were accessing a legitimate message from a trusted sender.”

“Due to a law enforcement investigation, we were advised not to notify you of this incident until later as public disclosure may have hindered their investigation,” the department added.

Agency officials said that after discovering the phishing attack, they disabled all affected email accounts, blocked websites that were part of the campaign and quarantined any emails deemed suspicious.

The U.S. Department of Health and Human Services Office for Civil Rights and other agencies were also notified by the Department of Health.

For those who did not have a mailing address available, the health department posted a notice on its website. Victims will be provided with an identity monitoring service for one year.

Both the housing authority and the city’s largest school district were hit by cyberattacks last year.

Two weeks ago, hackers claimed they had again breached the Los Angeles Unified School District’s systems and stolen millions of student and teacher records.

A spokesperson for the school district told Recorded Future News that the allegation is under investigation and law enforcement has been brought in to look into the incident. This week, the district confirmed that the data was stolen as part of a larger attack campaign against customers of data storage giant Snowflake.

On June 21, the Los Angeles County Health Department announced a separate data breach that occurred on February 6.
