The Oregon Department of Human Services is among the latest companies to reveal a phishing breach impacting the protected health information of over 350,000 individuals.
In a statement released on March 21, Oregon’s DHS says, on January 8, nine of its staff members fell victim to a phishing campaign. As a result, their emails were compromised. When the breach was discovered, the staff members changed their passwords, and DHS was able to stop the unauthorized access to the affected email mailboxes.
Following an investigation, it was discovered that nearly two million emails were involved in the breach and the personal and protected health data of over 350,000 individuals was compromised.
The information contained in the emails included DHS clients’ names, addresses, Social Security numbers, DHS case numbers, and other information used to administer DHS programs.
While there is no indication that any personal information was copied from its email system or used inappropriately, the department will be offering identity theft and crediting monitoring services for impacted individuals, DHS says.
Additionally, DHS confirmed that it will be filing a data breach report with the Department of Health and Human Services’ Office for Civil Rights.