The personal information of more than 200,000 people in Los Angeles County was potentially exposed after a hacker used a phishing email to steal the login credentials of 53 public health employees, the county announced Friday.
Details possibly accessed in the February data breach include first and last names, dates of birth, diagnoses, prescription information, medical record numbers, health insurance information, Social Security numbers and other financial information of the individuals. clients, employees and other financial information of the Department of Public Health. other individuals.
“Affected individuals may have been impacted differently and not all of the items listed were present for each individual,” the agency said in a news release.
The Department of Public Health will send notices by mail to those affected by the noncompliance. Anyone who wants to know if their information was exposed can also call (866) 898-4312 from 6 a.m. to 5 p.m., Monday through Friday.
The data breach occurred between February 19 and 20 when employees received a phishing email, which attempts to trick recipients into providing important information such as passwords and login credentials. According to the agency, the employees clicked on a link in the body of the email, thinking they were accessing a legitimate message. Additional details about the phishing email were not immediately available.
It is unclear when officials learned of the raid. A department spokesperson did not immediately respond to emailed questions Friday.
In response, officials said they disabled affected email accounts, rebooted devices, blocked websites that were identified as part of the phishing campaign, and quarantined all suspicious incoming emails.
How do you protect yourself?
The county is offering free identity monitoring through Kroll, a financial and risk advisory firm, to those affected by the breach.
People whose medical records were potentially accessed by the hacker should review them with their doctor to ensure the content is accurate and has not been modified. Officials say people should also review the Explanation of Benefits statement they receive from their insurance company to make sure they acknowledge all services that have been billed.
People can also request credit reports and review them for any inaccuracies.
Experts say the most effective way to block potential use of your Social Security number is to freeze your credit files, which will prevent someone from opening a new account with your information. It's free to place one and you can pick it up when you need it. However, you must contact each of the three major credit bureaus individually, which can be done online.
Times deputy editor Jon Healey contributed to this report.