July 9, 2024 at 12:59PM
In May 2024, the City of Philadelphia disclosed a data breach affecting over 35,000 individuals’ personal and protected health information. The breach, which occurred between May and July 2023, exposed demographic, medical, and limited financial data. The City has notified affected individuals and is taking steps to improve security and offer support services.
Based on the meeting notes, here are the key takeaways:
1. The City of Philadelphia experienced a data breach affecting more than 35,000 individuals’ personal and protected health information, which was disclosed in October 2024.
2. Attackers gained unauthorized access to multiple email accounts between May 26, 2023, and July 28, 2023.
3. The types of information exposed for impacted individuals include demographic information, social security numbers, medical information, and limited financial information.
4. The breach affected 35,881 individuals, and affected individuals were notified about the exposure of their personal data and protected health information.
5. The City has informed federal law enforcement of the breach, is implementing improved safeguards and training for its employees, and is offering free credit monitoring services for affected individuals for 12 months.
6. The City’s Department of Behavioral Health and Intellectual Disability Services (DBHIDS) also experienced a HIPAA breach in June 2020, where the personal health information of individuals it served was compromised in a phishing attack.
7. City officials have not explained how the attackers breached the City’s email accounts and why they delayed the disclosure for five months.
These are the key points extracted from the meeting notes regarding the data breach and related actions taken by the City of Philadelphia and its Department of Behavioral Health and Intellectual Disability Services.