SALEM, Ore. – The private health information of approximately 645,000 Oregonians may have been compromised in an apparent phishing incident.
The Oregon Department of Human Services said they became aware of the breach on January 28, 2019.
According to state officials, nine DHS employees opened a phishing email and clicked a link that compromised their email boxes, allowing third-party access to emails the employees sent and received. The phishing emails were believed to have been sent on January 8, 2019. In all, nearly 2 million emails were in the affected mailboxes.
Information compromised may include client names, addresses, dates of birth, Social Security numbers, case numbers, and other data protected under the Health Insurance Portability and Accountability Act (HIPPA).
DHS said the data breach was stopped and an investigation is ongoing. The public was notified about the incident in March 2019
So far, DHS said there is no indication information was actually copied from its email system or used inappropriately.
An outside agency, IDExperts, is performing a forensic review and will attempt to contact anyone whose information was exposed.
Starting on June 19, individual notices will be sent out to people whose data may have been compromised.
DHS stated they’re providing one year of identity theft monitoring and recovery services to individuals whose information as accessible. Instruction on how to access the monitoring will be included in each notification letter.
An information line is available at 1-800-792-1750 to assist DHS clients. More information can be found at http://ide.myidcare.com/oregonDHS