HQ/EMEAFind out how we can help your business
The LA County Health Services has recently announced that they suffered a data breach incident caused by a recent phishing attack that affected more than two dozen staff, compromising patients’ personal and health information.
This comprehensive health system manages the public hospitals and clinics in Los Angeles County, the most populous county in the United States. Moreover, it is the country’s second-largest public healthcare system after NYC Health + Hospitals.
According to the breach warnings given to an unspecified number of possibly affected persons, the threat actors stole 23 employees’ login credentials during the incident.
The notifications also revealed that the DHS experienced a phishing attempt between February 19 and February 20, 2024, in which a hacker acquired login credentials from 23 DHS workers through a phishing operation.
In addition, the notifications disclosed that the victim DHS personnel clicked on a link in the email since it assumed it was a legitimate message from a trusted sender.
The exposed information from the LA County Health Services included basic information.
According to investigations, the exposed data owned by the LA County Health Services contain documents and emails comprising patients’ personal and health information, such as names, birth dates, addresses, phone numbers, email addresses, medical record numbers, and treatment information.
Affected individuals may face various consequences. Luckily, the compromised emails did not contain Social Security Numbers (SSNs) or financial information.
Following the hack’s discovery, LA County Health Services deactivated affected email accounts, reset and re-imaged infected equipment, and isolated suspicious and unsolicited incoming emails. They also warned employees to be cautious when analysing emails, especially attachments or links.
This affected entity also assured everyone they would inform the relevant United States agencies, such as the California Department of Public Health and the Department of Health and Human Services Office, about the breach.
Although the investigation revealed no indication that the attackers accessed or misused the exposed personal and health information, LA County Health Services urges affected patients to check the content and accuracy of their medical records with their doctors.
Lastly, the representative of this compromised healthcare institution has refused to release comments to further detail the incident. Potentially impacted individuals should be cautious with incoming messages as the attackers acquired substantial information.
