L.A. County Phishing Attack: 750,000 record data breach

County_of_Los_Angeles_Health_Services.jpg

 

Confidential health data or personal information of more than 750,000 people may have been accessed in a cyberattack on Los Angeles County employees in May that led to charges this week against a Nigerian national, officials have disclosed.

The May 13 attack targeted 1,000 county employees from several departments with a phishing email. The email tricked 108 employees into providing usernames and passwords to their accounts, some of which contained confidential patient or client information, officials said.

Most of the 756,000 people whose information may have been accessed had contact with the Department of Health Services, according to the county. A smaller amount of confidential information from more than a dozen other county departments also was compromised.
“These kinds of phishing attacks are on the rise throughout society — and the county has not been immune from that trend,” county spokesman Joel Sappell said in a statement.

Among the data potentially accessed were names, addresses, dates of birth, Social Security numbers, financial information and medical records — including diagnoses and treatment history — of clients, patients or others who received services from county departments.

In February, officials disclosed that the Department of Health Services had been targeted in ransomware attack, a type of malware that cuts off users’ access to files or threatens to destroy them unless a ransom is paid.

The county is offering a year of free credit and identity-theft monitoring for people affected by the May phishing attack and has set up a website and call center for those seeking information: (855) 330-6368.

Ransomware attacks very often succeed through a phishing attack with a spoofed ‘From’ address. These types of attacks are hard to spot and employees tend to fall for them.

[contentblock id=73 img=gcb.png]

 Hello! 

CEO, Author of the #1 Risk to Small Businesses

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
>