Cybersecurity Woes in Los Angeles County: A Phishing Attack Exposes Sensitive Data of 200,000 Individuals

In recent news, the Los Angeles County Department of Public Health (DPH) confirmed that information from 200,000 individuals was stolen in a phishing attack that compromised the credentials of 53 employees. The attackers were able to access and exfiltrate sensitive information such as names, dates of birth, social security numbers, health insurance details, diagnoses, prescriptions, patient IDs, Medicare/Med-Cal numbers, medical record numbers and other financial data.

This incident marks the latest in a series of phishing attacks to hit the county. In addition to DPH, recent attacks on the Department of Health Services and the Department of Mental Health have affected thousands of individuals. These incidents underscore the importance of cybersecurity measures to protect sensitive information and prevent unauthorized access to personal data.

In response to the incident, DPH took immediate action by deactivating all affected email accounts and blocking websites involved in the phishing campaign. While it is unclear whether the stolen information was accessed or misused, individuals are advised to review their health records with their healthcare provider to ensure its accuracy.

The DPH encourages all employees to report any suspicious emails or requests for personal information immediately. Additionally, they remind everyone that cybersecurity measures such as strong passwords and two-factor authentication can help prevent future phishing attacks.