Nine employees within Oregon's Department of Human Services opened a phishing email on Jan. 8 that may have exposed around 645,000 people, according to the Statesman Journal.
Affected people were within the department's welfare and children services programs. Hackers may have gained access to people's personal health information, but it is unknown if the information was viewed or misused, the Statesman Journal reports.
Oregon officials announced June 18 they would be notifying individuals. Officials officially started mailing affected patients on June 19.
After the nine employees clicked on the phishing email, they reported having problems with their email accounts. By Jan. 28, officials shut down the nine employees' emails. Officials also contacted the Enterprise Security Office Cyber Security team that confirmed the data breach.
An initial review found up to 2 million emails were involved in the data breach. State officials alerted the public on March 21 of the data breach.
Individuals who were affected can receive up to 12 months of identity theft monitoring and recovery services from the state. Oregon also has a $1 million insurance reimbursement policy in place for the affected individuals, reports the Statesman Journal.