October 23, 2023 at 05:32AM
The City of Philadelphia is investigating a data breach that occurred in May, where attackers may have gained access to personal and protected health information. The breach notice states that unauthorized actors may have accessed certain City email accounts between May 26 and July 28, 2023. Impacted individuals’ information includes demographic, medical, and limited financial information. The City is conducting a comprehensive review and will notify potentially affected individuals. City officials advise affected individuals to stay vigilant against financial fraud and monitor credit reports. The details of the breach and the delay in disclosing it are yet to be provided. In a separate incident in 2020, the City’s Department of Behavioral Health and Intellectual Disability Services experienced a phishing attack that compromised personal health information.
Key Points from Meeting Notes:
– The City of Philadelphia is investigating a data breach that occurred five months ago, in May.
– Attackers potentially gained access to City email accounts containing personal and protected health information.
– The breach was discovered on May 24, but the investigation found that the attackers may have accessed the compromised email accounts for at least two months after the incident was detected.
– The unauthorized access to certain City email accounts and information may have occurred between May 26 and July 28, 2023. It was also discovered on August 22, 2023, that some of the affected accounts contain protected health information.
– A comprehensive review of the impacted email accounts is ongoing to determine the extent of the potential information exposure.
– Impacted individuals’ personal information may include demographic details (name, address, date of birth, social security number, contact information), medical information (diagnosis, treatment-related information), and limited financial information (claims information).
– The City plans to confirm and notify potentially impacted individuals via written letter once the review is complete.
– Individuals who may have been affected are advised to stay vigilant against financial fraud attempts and potential identity theft. They should closely monitor their credit reports and account statements and report any suspicious activity to their insurance company, healthcare provider, or bank.
– Details on how the attackers breached the City’s email accounts and the delay in disclosing the incident are yet to be provided by City officials.
– In June 2020, the City’s Department of Behavioral Health and Intellectual Disability Services (DBHIDS) disclosed a HIPAA breach that occurred following a phishing attack in March. The personal health information of individuals served by DBHIDS was compromised during the attack.