March 25, 2019

Spear Phishing Scheme Dupes Nine Staff Members at Oregon DHS Compromising PHI of 350,000 in Over 2M Email

Robinson+Cole Data Privacy + Security Insider

+ Follow Contact

Send

Embed

The Oregon Department of Human Services (DHS) announced late last week that nine of its staff members had fallen victim to a phishing campaign and that their email boxes were compromised on January 8, 2019. The intrusion was discovered on January 28, 2019. When the intrusion was discovered, the staff members’ changed their passwords to stop the access and an investigation commenced.

Following the investigation, it was learned that over two million emails were involved, and that the personal and protected health information of over 350,000 individuals had been compromised.

The information contained in the emails included DHS clients’ names, addresses, Social Security numbers, DHS case numbers “and other information used to administer DHS programs.”

DHS is offering identity theft resolution services and free credit monitoring to affected individuals.

DHS confirmed that it will be filing a data breach report with the Department of Health and Human Services’ Office for Civil Rights.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.