The Los Angeles County Department of Public Health recently fell victim to a phishing attack that occurred between Feb. 19 and 20, resulting in the compromise of sensitive information belonging to more than 200,000 individuals. The attack, which targeted 53 public health employees, was facilitated through a phishing email that allowed a threat actor to access their credentials.
According to Dror Liwer, co-founder of cybersecurity company Coro, the success of phishing attacks often hinges on the unwitting actions of well-intentioned employees who inadvertently provide access to cybercriminals. Liwer pointed out that traditional anti-phishing tools may not be equipped to handle sophisticated attacks like the one experienced by the Los Angeles County Department of Public Health.
Upon discovering the breach, the department took immediate action by disabling all affected email accounts, resetting and reimaging user devices, and blocking websites associated with the phishing campaign. Additionally, law enforcement was notified and an investigation was launched to assess the extent of the compromise.
The investigation revealed that the compromised email accounts contained a wealth of sensitive information, including names, dates of birth, medical diagnoses, prescriptions, medical record numbers, patient identification numbers, Medicare and Med-Cal numbers, health insurance details, Social Security numbers, and financial information. While the Public Health department could not definitively confirm whether the accessed information had been misused, individuals were urged to review the accuracy of their medical records with their healthcare providers.
In response to the breach, the department issued a press release advising affected individuals to monitor their identities and providing them with a year of Kroll, an identity monitoring service. Those impacted by the breach will receive notification by mail, and concerned individuals can inquire about their status by calling 1-866-898-4312 during Pacific time business hours.
The breach highlights the ongoing threat posed by phishing attacks and underscores the importance of vigilance in protecting sensitive information. As cybercriminals continue to employ increasingly sophisticated tactics, organizations must remain proactive in implementing robust cybersecurity measures to safeguard their data and mitigate the impact of potential breaches. The incident serves as a stark reminder of the critical need for organizations to prioritize cybersecurity and invest in the tools and training necessary to combat evolving cyber threats.