Los Angeles County Health Department victim of phishing attack

The personal information of more than 200,000 people in Los Angeles County may have been exposed after a hacker used a phishing email to steal the login credentials of 53 public health workers, the county said Friday.

Details that may have been accessed in the February data breach include first and last names, dates of birth, diagnoses, prescription information, medical record numbers, health insurance data, social security numbers and other financial information of Department of Health clients, employees and others.

“The effects on the individuals affected may vary and not all of the elements listed were present in every person,” the agency said in a press release.

The health department will mail notifications to those affected by the data breach. Anyone who wants to know if their information was exposed can also call (866) 898-4312 Monday through Friday between 6 a.m. and 5 p.m.

The data theft occurred between Feb. 19 and 20 when employees received a phishing email designed to trick recipients into revealing important information, such as passwords and login credentials. Employees clicked on a link in the email’s body, thinking they were accessing a legitimate message, the agency said. Additional details about the phishing email were not immediately available.

It is not clear when officials learned of the break-in. A department spokesman did not immediately respond to questions sent by email on Friday.

In response, authorities said they disabled affected email accounts, reset devices, blocked websites identified as part of the phishing campaign, and quarantined all suspicious incoming emails.

How do you protect yourself?

The district offers those affected by the violation free identity monitoring by the financial and risk consulting company Kroll.

People whose medical records may have been accessed by the hacker should review them with their doctor to make sure the contents are accurate and have not been altered. Officials recommend that people also check their insurance company’s explanation of benefits to make sure they recognize all the services billed.

Individuals can also request credit reports and review them for inaccuracies.

According to experts, the most effective way to block potential use of your Social Security number is to freeze your credit files. This will prevent someone from opening a new account using your information. The freeze is free and can be lifted at any time if necessary, but you will need to contact each of the three major credit bureaus individually, which can be done online.

Times Deputy Editor Jon Healey contributed to this report.