Phishing attack exposes 350,000 Oregon residents' medical information

The Oregon Department of Human Services reported an email phishing attack on two million agency emails, which may have exposed more than 350,000 individuals' medical information.

HIPAA-protected medical information of at least 350,000 Oregonians that may have been affected includes names, addresses, Social Security numbers, dates of birth and case numbers, according to a news release.

On Jan. 8, Oregon DHS employees received a phishing email. Nine employees opened the email and clicked on a link, which gave unauthorized users access to the employees' email information and compromised their email mailboxes that collectively contained nearly two million emails.

Oregon DHS provides services to 1.6 million people, and the data breach could affect individuals involved in foster care or the state's food assistance system as well as any elderly or disabled people, agency spokesman Robert Oakes told the Cannon Beach Gazette.

The agency hired third-party firm IDExperts to investigate the security breach, which concluded there is no indication that any personal information has been used inappropriately as a result of the breach. Oregon DHS is in the process of identifying clients who have been affected by the cyberattack, and IDExperts will mail letters to notify those individuals. Oregon DHS will also provide identity theft recovery services for those affected.

More articles on cybersecurity:
Medical device developers turn to FDA for cybersecurity guidance
CEOs see pay raises after cyberattacks, study finds
Mississippi building antitrust case against Google over data privacy

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months