Saturday, December 24, 2016

Massive LA County cyberattack impacts 756K people

Massive LA County or Los Angeles County in the recent days has started to notify over 756,000 people of a massive cyberattack that happened in the month of May 2016 across several county departments, involving healthcare, mental health and public health services.

Most of the affected people had contact with the Department of Healthcare Services, the Los Angeles Times reports.

The attacker sent phishing emails to almost 1,000 county workers, and 108 of them clicked on the message and provided usernames and passwords, in accordance to a notice from the county. As has become usual in the time period of cyber attacks, notification to impacted people was delayed far past the HIPAA requirement of sixty days from discovery of a breach at the appeal of law enforcement agencies. The agencies mostly are investigating several breaches launched by the similar attacker, find other HIPAA cover entities that were hit and then notify them.

Compromised information at the massive LA County involved names, dates of birth, Social Security numbers, driver’s license or state identification numbers, home addresses, phone numbers, payment card and bank account data, and medical data, like insurance identification number, diagnoses, treatment histories and medical record number. A known suspect is being sought with an arrest warrant released for a person with Nigerian citizenship, account to the county notice.

The county is providing identity monitoring services to affected people for 1 year; the services involve credit monitoring, identity consultation and identity restoration. Although, attackers usually now wait until after protective services end before using the stolen data.

This isn’t LA County’s 1st key breach of protected health information. The theft of a laptop at a regional office in the year of 2013 affected 18,162 people. The county also was the victim of a huge breach in the year of 2014, when business associate Sutherland Healthcare Solutions had 8 computers stolen, impacting more than 300,000 people. Following the latest breach, the massive LA County has enhanced its cybersecurity awareness training.

 

No comments:

Post a Comment