Los Angeles County Department of Public Health has disclosed a data breach impacting more than 200,000 individuals.
The data breach took place between February 19 and 20, 2024, which was caused by an attacker gaining login access to public health employees through a phishing email.
The information identified in the compromised email account may have included the following details.
Impacted individuals are being notified by post. For those where a mailing address is not available, Public Health is also posting a notice on its website to provide information and resources.
Impacted individuals are also being offered one year of free identity monitoring from Kroll. Law enforcement has investigated the incident, and the US Department of Health and other agencies are being notified as required by law and/or contract.
The DPH said it has implemented “numerous enhancements” to its security posture to prevent similar phishing attacks occurring in the future.
Upon discovering the attack, the department disabled impacted email accounts and reset and re-imaged the users’ devices. All websites that were identified as part of the phishing campaign were blocked, and all suspicious incoming emails quarantined.
The health service added that it has distributed awareness notifications to all workforce members to remind them to be vigilant when reviewing emails, especially those, including links or attachments.
