Los Angeles County's Department of Public Health has experienced a significant breach of privacy due to a phishing scam that occurred between February 19 and February 20, 2024. Hackers obtained login details from 53 employees, potentially compromising personal data for over 200,000 people. Public Health took several reactive measures, including disabling affected email accounts and enhancing their cybersecurity to better shield against future email attacks.
To quickly contain the breach, Public Health reset and re-imaged devices blocked relevant phishing websites, and quarantined suspect emails. All staff have been urged to remain vigilant. The details that may have been at risk include names, birth dates, medical records, and financial information—although not all data elements were present for every individual. Public Health is taking steps to notify those potentially impacted, primarily through mail, and has also posted a notice on its website.
While it remains unclear whether any information was misused, individuals are encouraged to check their medical records for discrepancies. Public Health has enlisted the services of Kroll for a year of free identity monitoring to hopefully alleviate the concerns of those affected. They also advise reviewing guidelines for protecting oneself against identity theft and fraud.
Concerned individuals should feel free to contact Public Health's dedicated call center with any questions at 1-866-898-4312, available on weekdays from 6:00 a.m. to 5:00 p.m. Pacific Time. Additionally, any potential misuse of information should be promptly reported to address any possible harm arising from this incident.
