Phishing attack exposes information of 350,000 Oregon residents

March 29, 2019
Medicare Web

A recent phishing scam resulted in a data breach that affected at least 350,000 Oregon residents. According to a press release from the Oregon Department of Human Services (DHS), the incident occurred on January 8, when nine separate DHS employees opened a spear phishing email and clicked a link, which compromised their inboxes and 2 million emails. Protected health information (PHI) that may have been exposed includes:

  • Addresses
  • Birth dates
  • Case numbers
  • Names
  • Social Security numbers

DHS’ cybersecurity team confirmed the breach on January 29, which they discovered through their security process.

DHS states that 350,000 individuals may have been affected by the breach. The local KTVZ news station notes that DHS serves 1.6 million residents, so the number of those affected may be higher. According to DHS, an outside firm was hired to do a forensic review of the incident and will determine the number of individuals whose information was exposed. According to DHS’ press release, the investigation is still in process, and once completed, it will send individual notices to those specific clients whose PHI was exposed.

Related Topics: 
HIM/HIPAA, HIPAA