On January 28, 2019 DHS and Enterprise Security Office Cyber Security team confirmed that a breach of regulated information had occurred. Nine individual employees opened a phishing email and clicked on a link that compromised their email mailboxes and allowed access to these employees’ email information. Current information indicates on January 8th, a spear phishing email was sent to DHS employees. Through our process of discovery, we learned that there were nearly 2 million emails in those email mailboxes.
The unauthorized access to the affected email mailboxes was successfully stopped. DHS is in the process of thoroughly reviewing the incident and the information involved. This investigation includes clarifying the number of impacted records that might contain personal information of clients receiving services from DHS.
Clients’ Protected Health Information under the Health Insurance Portability and Accountability Act (HIPAA) was accessible to an unauthorized person. Client information may include first and last names, addresses, dates of birth, Social Security numbers, case number and other information used to administer DHS programs.
|Post Date: 2021-05-21 15:06:25||Last Update: 2021-05-21 17:11:09|