The Los Angeles County Department of Health Services disclosed a data breach after thousands of patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees.
This integrated health system operates the public hospitals and clinics in L.A. County (the most populous county in the United States) and is the second largest public health care system in the country after NYC Health + Hospitals.
As revealed in
data breach notifications sent to potentially affected individuals, 23 employees had their mailboxes compromised after their credentials were stolen in a February attack.
As a result, the attackers gained access to patients' personal and health data stored in the employees' e-mail inboxes.
"DHS conducted an administrative review and determined that approximately 6,085 individuals' information may have been impacted," L.A. County Health Services told BleepingComputer in a statement.
"Between February 19, 2024, and February 20, 2024, DHS experienced a phishing attack. Specifically, a hacker was able to gain log-in credentials of 23 DHS employees through a phishing e-mail," the notifications also revealed.
"In this case, the DHS employees clicked on the link located in the body of the e-mail, thinking that they were accessing a legitimate message from a trustworthy sender."
