Los Angeles County said Friday that personal information of more than 200,000 people in the county may have been exposed after hackers used phishing emails to steal the login credentials of 53 public health employees.
Details that may have been accessed in the February data breach include names, dates of birth, diagnoses, prescription information, medical record numbers, health insurance information, Social Security numbers and other financial information of Public Health Department customers, employees and other individuals.
“Each affected individual may have been affected differently, and not all of the factors described were present in each individual,” the agency said in a news release.
Public Health will mail notifications to people affected by the breach, and anyone wanting to find out if their information was compromised can also call (866) 898-4312, Monday through Friday, 6 a.m. to 5 p.m.
The data breach occurred sometime between Feb. 19 and 20, when employees received phishing emails designed to trick recipients into providing sensitive information, such as passwords and login credentials. Authorities said employees thought they were accessing a legitimate message and clicked on a link in the body of the email. Details about the phishing email were not immediately available.
It was unclear when officials learned of the intrusion, and a department spokesman did not immediately respond to questions emailed Friday.
In response, officials said they disabled affected email accounts, reset devices, blocked websites identified as part of the phishing attack, and quarantined all suspicious incoming emails.
How do you protect yourself?
The county is offering free identity monitoring services through financial and risk advisory firm Kroll to those affected by the data breach.
People whose medical records may have been accessed by hackers should review them with their doctors to make sure they're accurate and haven't been altered. Officials say people should also review any benefit statements they receive from their insurance companies to make sure they're aware of all services that have been billed.
Individuals can also request their credit report to check for any inaccuracies.
Experts say the most effective way to block anyone from using your Social Security number is to put a freeze on your credit report, which stops anyone from opening new accounts with your information. The freeze is free and can be lifted when you need it. However, you'll need to contact each of the three major credit reporting agencies individually, which you can do online.
Times deputy editor John Healy contributed to this report.
