April 26, 2024 at 08:39AM
Thousands of patients’ personal and health information was exposed in a data breach at Los Angeles County Department of Health Services. The breach was a result of a phishing attack on employees, compromising 23 mailboxes. Approximately 6,085 individuals’ information may have been impacted. The health system took measures to address the breach and will be notifying relevant agencies.
From the meeting notes, the main takeaways are:
1. The Los Angeles County Department of Health Services experienced a data breach after a phishing attack, affecting over two dozen employees and potentially compromising the personal and health information of approximately 6,085 individuals.
2. Information compromised included patients’ personal and health data stored in the employees’ e-mail inboxes, such as names, dates of birth, contact information, and medical records.
3. Response measures taken by L.A. County Health Services included disabling impacted e-mail accounts, resetting and re-imaging compromised devices, quarantining suspicious incoming e-mails, and circulating awareness notifications to remind employees to be vigilant with e-mails.
4. The health system will notify relevant agencies and advise affected patients to verify the content and accuracy of their medical records with their healthcare providers.
It is crucial to communicate to affected individuals and the relevant agencies in a clear, transparent, and timely manner. Additionally, reinforcing cybersecurity awareness and training for employees will be essential in preventing future breaches.