SALEM, Ore. – The private health information of over 350,000 Oregonians may have been compromised in an apparent phishing incident.
The Oregon Department of Human Services said they became aware of the breach on January 28, 2018.
According to state officials, nine employees opened a phishing email and clicked a link that compromised their email boxes, allowing third-party access to emails the employees sent and received. The phishing emails were believed to have been sent on January 8, 2019. In all, nearly 2 million emails were in the affected mailboxes.
DHS said the data breach has been stopped and an investigation is ongoing.
Information compromised may include client names, addresses, dates of birth, Social Security numbers, case numbers, and other data protected under the Health Insurance Portability and Accountability Act (HIPPA).
So far, DHS said there is no indication information was actually copied from its email system or used inappropriately.
An outside agency, IDExperts, is performing a forensic review and will attempt to contact anyone whose information was exposed.
On Friday, an information line will be available at 1-800-792-1750 to assist DHS clients. More information can be found at http://ide.myidcare.com/oregonDHS