Security News > 2024 > April > LA County Health Services: Patients' data exposed in phishing attack

The Los Angeles County Department of Health Services disclosed a data breach after thousands of patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees.

This integrated health system operates the public hospitals and clinics in L.A. County and is the second largest public health care system in the country after NYC Health + Hospitals.

"DHS conducted an administrative review and determined that approximately 6,085 individuals' information may have been impacted," L.A. County Health Services told BleepingComputer in a statement.

After discovering the breach, L.A. County Health Services disabled the impacted e-mail accounts, reset and re-imaged the compromised employees' devices, and quarantined all suspicious incoming e-mails.

The health system will also notify the U.S. Department of Health & Human Services' Office for Civil Rights, the California Department of Public Health, and other relevant agencies of the data breach.

Even though no evidence was found during the investigation that the attackers accessed or misused the exposed personal and health information, L.A. County Health Services advises affected patients to contact their healthcare providers to verify the content and accuracy of their medical records.

News URL

https://www.bleepingcomputer.com/news/security/la-county-health-services-thousands-of-patients-data-exposed-in-email-breach/