{"id":164585,"date":"2024-06-17T13:12:47","date_gmt":"2024-06-17T13:12:47","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=164585"},"modified":"2024-06-17T13:12:49","modified_gmt":"2024-06-17T13:12:49","slug":"la-countys-department-of-public-health-dph-data-breach","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/164585\/data-breach\/la-countys-department-of-public-health-dph-data-breach.html","title":{"rendered":"LA County\u2019s Department of Public Health (DPH) data breach impacted over 200,000 individuals"},"content":{"rendered":"
<\/div>\n

The County of Los Angeles\u2019 Department of Public Health (DPH) disclosed a data breach that impacted more than 200,000 individuals.<\/h2>\n\n\n\n

The LA County\u2019s Department of Public Health announced that the personal information of more than 200,000 was compromised after a data breach that occurred between February 19 and February 20, 2024.<\/p>\n\n\n\n

Threat actors obtained the log-in credentials of 53 Public Health employees through a phishing campaign.<\/p>\n\n\n\n

“Between February 19, 2024, and February 20, 2024, the Los Angeles County Department of Public Health experienced a phishing attack in which a hacker was able to gain log-in credentials of 53 Public Health employees through a phishing email, compromising the personal information of more than 200,000 individuals.” reads the notice of data breach<\/strong><\/a> published by DPH.<\/em><\/gwmw><\/p>\n\n\n\n

Upon discovering the phishing attack, Public Health disabled the impacted email accounts, and reset and reimaged the user\u2019s device. The organization also blocked websites that was the origin of the attack and quarantined all suspicious incoming emails.<\/p>\n\n\n\n

Potentially compromised e-mail accounts may have included DPH clients\/employees\/other individuals\u2019 first and last name, date of birth, diagnosis, prescription, medical record number\/patient ID, Medicare\/Med-Cal number, health insurance information, Social Security Number, and other financial information.<\/gwmw><\/p>\n\n\n\n

“Affected individuals may have been impacted differently and not all of the elements listed were present for each individual.” continues the notice.<\/em><\/p>\n\n\n\n

LA County\u2019s Department of Public Health is notifying impacted individuals by mail<\/a>.<\/p>\n\n\n\n

The company is informing the U.S. Department of Health & Human Services\u2019 Office for Civil Rights and other relevant agencies. <\/p>\n\n\n\n

In response, Public Health has implemented numerous enhancements to reduce exposure to similar e-mail attacks in the future.<\/gwmw><\/gwmw><\/p>\n\n\n\n

At the time of this writing, DPH cannot confirm if any information has been accessed or misused. The company recommends that impacted individuals review the content and accuracy of their medical records with their medical providers.<\/gwmw><\/gwmw><\/gwmw><\/gwmw><\/gwmw><\/p>\n\n\n\n

DPH announced it has implemented several enhancements to reduce exposure to similar email attacks in the future.<\/gwmw><\/p>\n\n\n\n

The agency is also offering entitled individuals free credit and identity monitoring services.<\/p>\n\n\n\n

In April, the\u00a0Los Angeles County Department of Health Services<\/a>\u00a0disclosed a data breach<\/strong><\/a> that impacted thousands of patients. Patients\u2019 personal and health information was exposed after a phishing attack impacted over two dozen employees.<\/p>\n\n\n\n

Los Angeles County Department of Health Services operates the public hospitals and clinics in Los Angeles County, and is the United States\u2019 second largest municipal health system, after NYC Health + Hospitals.<\/p>\n\n\n\n

The phishing attack occurred between February 19, 2024, and February 20, 2024. Attackers obtained the credentials of 23 DHS employees.<\/p>\n\n\n\n

\u201cA phishing e-mail tries to trick recipients into giving up important information. In this case, the DHS employees clicked on the link located in the body of the e-mail, thinking that they were accessing a legitimate message from a trustworthy sender.\u201d reads the data breach notification sent to the impacted individuals. \u201cDue to the ongoing investigation by law enforcement, we were advised to delay notifying you of this incident until now, as public notice may have hindered their investigation.\u201d<\/em><\/p>\n\n\n\n

The compromised information varied for each individual, potentially exposed information included the patient\u2019s first and last name, date of birth, home address, phone number(s), e-mail address, medical record number, client identification number, dates of service, and\/or medical information (e.g., diagnosis\/condition, treatment, test results, medications), and\/or health plan information.<\/p>\n\n\n\n

Social Security Numbers (SSN) or financial information was not compromised.<\/p>\n\n\n\n

Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/strong><\/a><\/p>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n

(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, LA County\u2019s Department of Public Health)<\/strong><\/gwmw><\/p>\n\n\n\n

<\/gwmw><\/gwmw><\/p>\n","protected":false},"excerpt":{"rendered":"

The County of Los Angeles\u2019 Department of Public Health (DPH) disclosed a data breach that impacted more than 200,000 individuals. The LA County\u2019s Department of Public Health announced that the personal information of more than 200,000 was compromised after a data breach that occurred between February 19 and February 20, 2024. Threat actors obtained the […]<\/p>\n","protected":false},"author":1,"featured_media":164594,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,3,4337,5],"tags":[88,182,4112,9508,9506,10918,15161,15162,687,841,1533],"class_list":["post-164585","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-cyber-crime","category-data-breach","category-hacking","tag-cybercrime","tag-data-breach","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-la-countys-department-of-public-health","tag-la-dph","tag-pierluigi-paganini","tag-security-affairs","tag-security-news"],"yoast_head":"\n杭州江阴科强工业胶带有限公司