MFA bypass results in breach at LA County Department of Mental Health

April 03, 2024 - A multi-factor authentication (MFA) failure led to the exposure of patient information pertaining to the Los Angeles County Department of Mental Health (DMH), a report filed with the California Attorney General’s Office stated.

On January 22, 2024, the City of Gardena Police Department (GDP) suffered a cyberattack in which a threat actor successfully gained access to an employee’s Microsoft Office 365 account through an MFA attack. Essentially, the hacker was able to send push notification spam to gain access to the account.

Once in the account, the hacker leveraged GPD’s email exchanges with the LA Department of Mental Health to get access to a DMH employee’s Microsoft Office 365 account. The threat actor was able to access specific personal information through this compromise, including names, dates of birth, Social Security numbers, addresses, medical record numbers, and phone numbers.

“Data privacy and security are among our top objectives, and we have extensive safeguards in place to protect the information entrusted to us,” the notice stated. “When we discovered the issue, we proceeded quickly to disable the affected accounts and reset the Microsoft Office 365 and multi-factor authentication credentials. We also informed law enforcement and assisted with their inquiry.”

DMH also said that it notified Microsoft of the vulnerability and has since introduced new security measures to account for this specific issue.

California Cancer Treatment Organization Hit by Cyberattack

City of Hope, a cancer treatment and research organization, notified 827,149 individuals of a data breach that occurred in October 2023. The Duarte, California-based organization became aware of suspicious activity on its systems on October 13 and immediately engaged experts to contain the incident.

“Upon discovery of this incident, City of Hope immediately instituted mitigation measures. It then promptly implemented additional and enhanced safeguards and enlisted the support of a leading cybersecurity firm to enhance the security of its network, systems, and data,” the notice stated.

Further investigation determined that an unauthorized party accessed a subset of its systems and obtained copies of some files. City of Hope issued an initial notice of the incident in December and issued more detailed notices in late March.

The impacted files contained Social Security numbers. City of Hope’s investigation is ongoing, but it is providing notices to known impacted individuals on a rolling basis.

Oklahoma Emergency Medical Services Authority Breach Impacts 611K

The Emergency Medical Services Authority (EMSA), based in Oklahoma, notified more than 611,000 individuals of a data breach. EMSA discovered suspicious activity on its network in February 2024 and immediately activated its incident response protocols, which included shutting off select systems.

EMSA later determined that an unauthorized party had gained access to its network between February 10 and 13 and acquired files containing patient information. The files included names, Social Security numbers, dates of birth, addresses, and primary care provider names.

EMSA is offering credit monitoring and identity protection services to individuals whose Social Security numbers were involved in the breach.

“To help prevent something like this from happening again, we have implemented, and will continue to adopt, additional safeguards to further protect and monitor our systems,” EMSA assured patients.

Harvard Pilgrim Updates Breach Tally

Harvard Pilgrim Health Care added thousands of individuals to its breach count following further investigation into the 2023 ransomware attack, according to a report filed with the Maine Attorney General’s Office.

As previously reported, Massachusetts-based Harvard Pilgrim suffered a ransomware attack In April 2023, forcing it to take some systems offline temporarily to contain the incident.

In the year since the cyberattack occurred, Harvard Pilgrim has updated its count of the number of individuals impacted twice, adding hundreds of thousands of individuals to the tally. The latest update accounts for developments in Harvard Pilgrim’s ongoing investigation into the incident.

Harvard Pilgrim has since implemented additional security safeguards to prevent future incidents.