Recently, the Los Angeles County Department of Public Health (DPH) announced that it had fallen victim to a phishing attack in February that put the personal information of approximately 200,000 clients, employees, and other individuals at risk. On February 19 and 20, an email campaign was launched that resulted in the compromise of email credentials belonging to 53 employees. The perpetrators of the attack could have gained access to a wide range of sensitive data contained within the compromised emails, including client names, dates of birth, diagnoses, prescriptions, medical record numbers, Medicare/Medi-Cal numbers, health insurance information, Social Security numbers, and financial information.
In response to the attack, DPH took immediate action by disabling affected email accounts and resetting and re-imaging users’ devices. Additionally, websites associated with the phishing campaign were blocked and suspicious incoming emails were quarantined. The department is currently working closely with law enforcement agencies to investigate the incident and will notify relevant agencies as required by law or contract.
It is important for individuals and organizations to be aware of phishing attacks and take steps to protect themselves from falling victim. This includes being cautious when clicking on links in emails from unknown sources and regularly updating passwords and security measures.
