Security Affairs
U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

LA County’s Department of Public Health (DPH) data breach impacted over 200,000 individuals

The County of Los Angeles’ Department of Public Health (DPH) disclosed a data breach that impacted more than 200,000 individuals. The LA County’s Department of Public Health announced that the personal information of more than 200,000 was compromised after a data breach that occurred between February 19 and February 20, 2024. Threat actors obtained the […]

LA County’s Department of Public Health

The County of Los Angeles’ Department of Public Health (DPH) disclosed a data breach that impacted more than 200,000 individuals.

The LA County’s Department of Public Health announced that the personal information of more than 200,000 was compromised after a data breach that occurred between February 19 and February 20, 2024.

Threat actors obtained the log-in credentials of 53 Public Health employees through a phishing campaign.

“Between February 19, 2024, and February 20, 2024, the Los Angeles County Department of Public Health experienced a phishing attack in which a hacker was able to gain log-in credentials of 53 Public Health employees through a phishing email, compromising the personal information of more than 200,000 individuals.” reads the notice of data breach published by DPH.

Upon discovering the phishing attack, Public Health disabled the impacted email accounts, and reset and reimaged the user’s device. The organization also blocked websites that was the origin of the attack and quarantined all suspicious incoming emails.

Potentially compromised e-mail accounts may have included DPH clients/employees/other individuals’ first and last name, date of birth, diagnosis, prescription, medical record number/patient ID, Medicare/Med-Cal number, health insurance information, Social Security Number, and other financial information.

“Affected individuals may have been impacted differently and not all of the elements listed were present for each individual.” continues the notice.

LA County’s Department of Public Health is notifying impacted individuals by mail.

The company is informing the U.S. Department of Health & Human Services’ Office for Civil Rights and other relevant agencies.

In response, Public Health has implemented numerous enhancements to reduce exposure to similar e-mail attacks in the future.

At the time of this writing, DPH cannot confirm if any information has been accessed or misused. The company recommends that impacted individuals review the content and accuracy of their medical records with their medical providers.

DPH announced it has implemented several enhancements to reduce exposure to similar email attacks in the future.

The agency is also offering entitled individuals free credit and identity monitoring services.

In April, the Los Angeles County Department of Health Services disclosed a data breach that impacted thousands of patients. Patients’ personal and health information was exposed after a phishing attack impacted over two dozen employees.

Los Angeles County Department of Health Services operates the public hospitals and clinics in Los Angeles County, and is the United States’ second largest municipal health system, after NYC Health + Hospitals.

The phishing attack occurred between February 19, 2024, and February 20, 2024. Attackers obtained the credentials of 23 DHS employees.

“A phishing e-mail tries to trick recipients into giving up important information. In this case, the DHS employees clicked on the link located in the body of the e-mail, thinking that they were accessing a legitimate message from a trustworthy sender.” reads the data breach notification sent to the impacted individuals. “Due to the ongoing investigation by law enforcement, we were advised to delay notifying you of this incident until now, as public notice may have hindered their investigation.”

The compromised information varied for each individual, potentially exposed information included the patient’s first and last name, date of birth, home address, phone number(s), e-mail address, medical record number, client identification number, dates of service, and/or medical information (e.g., diagnosis/condition, treatment, test results, medications), and/or health plan information.

Social Security Numbers (SSN) or financial information was not compromised.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, LA County’s Department of Public Health)