HIPAA Protected Well being Info Amongst Knowledge Stolen in Nov. 2023 Assault
The Metropolis of Lengthy Seashore, Calif., is notifying roughly 260,000 people that their protected well being info could have been stolen in a November 2023 cyberattack that additionally disrupted IT programs for a number of weeks. Town says it is added $1 million to its cybersecurity funds for the reason that incident.
See Additionally: Dwell Webinar | Resilience in Disaster: Recovering Your Minimal Viable Firm Quick
One media outlet reported the full variety of individuals affected by the incident may very well be as excessive as about 470,060, primarily based on breach experiences the Metropolis of Lengthy Seashore filed to varied state attorneys common.
The Metropolis of Lengthy Seashore didn’t instantly reply to Info Safety Media Group’s requests for clarification about whether or not the 260,000 people reported to the U.S. Division of Well being and Human Companies on April 14 are a subset of a bigger quantity.
A spokesperson for town advised ISMG that the possibly compromised recordsdata “may pertain to residents, workers, prospects and stakeholders.” Town didn’t pay a ransom, she stated.
Town stated in its breach discover that it skilled a community safety incident on Nov. 14, 2023 during which an “unauthorized third occasion” gained entry to its community.
In response to the incident, town quickly took its IT programs offiline. In the course of the outage, any enterprise features have been offline, together with utility invoice fee processing and digital facilities supplied by the Lengthy Seashore Public Library, in addition to different municipal providers. Town’s IT programs have been restored over a number of weeks.
In a incessantly requested questions doc posted on its web site, town stated the year-plus delay in breach notification was as a result of “in depth forensics investigation and guide doc assessment” that took the municipality roughly 15 months to lastly full on March 18.
“Anybody who has skilled a classy cyber incident is aware of it’s a time-intensive course of,” town stated.
Info doubtlessly accessed or acquired by the hackers varies amongst particular person however consists of title, date of start, monetary account and fee card info, biometric info, medical analysis and therapy info, in addition to authorities ID numbers. People whose Social Safety numbers the place doubtlessly compromised are being supplied complimentary credit score monitoring.
“This has confirmed to be an unprecedented occasion for our group, and we proceed to take this investigation and its findings critically,” stated Rex Richardson, Lengthy Seashore mayor. “We are going to proceed to be as clear as we will.”
The Southern California coastal metropolis, which homes roughly 466,000 individuals, accepted final September a $3.6 billion annual funds for fiscal 2025.
The municipality stated it added $1 million “to boost cybersecurity and data expertise infrastructure by means of the usage of cybersecurity specialists, coaching, testing, information loss prevention instruments and extra.”
The elevated cyber spending additionally funds two new positions that might be added to the cybersecurity group “to extend capability to observe, analyze and contribute to threat mitigation efforts and one place targeted on regulatory compliance, together with Cost Card Trade and HIPAA,” in accordance with a metropolis funds doc.
