LA County Dept. of Public Health Data Breach Impacts 200K

Threat actors were able to breach the department using the credentials accessed through phishing emails.

Dark Reading Staff, Dark Reading

June 17, 2024

1 Min Read
view of Griffith Park, Los Angeles, California, USA.
Source: Sean Pavone via Alamy Stock Photo

The Los Angeles County Department of Public Health has announced that it experienced a phishing attack between Feb. 19 and 20, in which a threat actor accessed the credentials of 53 public health employees.

The credentials were obtained through a phishing email that ultimately allowed the threat actor to compromise the personal information of more than 200,000 people. 

"The first domino to fall is very often the well-meaning employee trying to be helpful, but falling into the criminal's trap," Dror Liwer, co-founder of cybersecurity company Coro, wrote in an emailed statement to Dark Reading. "Older anti-phishing tools, or those embedded into the email platforms, are simply not designed to deal with sophisticated, well executed phishing attacks."

After discovering the attack, the department disabled all affected email accounts, reset and reimaged user devices, and blocked websites that it identified as being part of the phishing campaign. 

Once law enforcement was notified, an investigation was launched where the public health department found that the compromised email accounts may have included sensitive information, including names, date of birth, diagnosis, prescription, medical record numbers/patient ID, Medicare de, Med-Cal number, health insurance information, Social Security number, and financial information. 

"While Public Health cannot confirm whether information has been accessed or misused, individuals are encouraged to review the content and accuracy of the information in their medical record with their medical provider," stated the department's press release, which added that Public Health is providing affected individuals with one year of Kroll, an identity monitoring service.

Individuals who have been impacted will be notified by mail, and individuals who would like to know if they have been impacted can call 1-866-898-4312, from 6 a.m. to 5 p.m. Pacific time.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights