LA County Health Services Cyberattack Leaked Patient Data
The Los Angeles County Department of Health Services (DHS) has reported a significant data breach. The breach occurred in February due to a successful phishing attack that compromised roughly two dozen employees’ email accounts, which then led to the exposure of sensitive personal and health information of thousands of patients.
"DHS conducted an administrative review and determined that approximately 6,085 individuals' information may have been impacted," stated L.A. County Health Services in response to the breach. Explaining the incident that led to the large-scale data breach, the notice from LA County Health Services said that DHS employees clicked on an email link “thinking that they were accessing a legitimate message from a trustworthy sender."
Approximately 6,085 individuals' information may have been impacted, including sensitive details such as names, dates of birth, addresses, phone numbers, medical records, health plan information, and more. Fortunately, Social Security Numbers and financial data were not compromised in the breach.
In response, L.A. County Health Services took swift action by disabling the affected email accounts, resetting employees' devices, and quarantining suspicious emails. They also circulated awareness notifications among staff, emphasizing the importance of scrutinizing emails, especially those with attachments or links.
While L.A. County Health Services cannot confirm if a patient’s data was accessed or misused in the breach, it recommends that affected patients reach out to their healthcare providers to confirm the content and accuracy of their medical records.
Additionally, the department plans to notify relevant authorities, including the US Department of Health & Human Services' Office for Civil Rights and the California Department of Public Health.
As the healthcare sector grapples with increasing cyber threats, it’s clear that it's a key target for cybercriminals. This is likely due to the volume of sensitive information these organizations tend to hold, which can be used for various malicious activities or can be held for ransom. Change Healthcare recently paid two ransoms to two different ransomware gangs due to a breach of 4TB of data, showcasing the real profits cybercriminals can garner from breaching health networks.
Please, comment on how to improve this article. Your feedback matters!