Philadelphia: Hackers spent three months accessing city gov’t email accounts

Omega Balla
The government of Philadelphia said hackers spent at least three months inside city email systems, giving them wide access to health information stored in email accounts.

The government of Philadelphia said hackers spent at least three months inside city email systems, giving them wide access to health information stored in email accounts.

The city did not respond to requests for comment about how many people were affected by the situation, but in a notice released on Friday officials said an unauthorized actor had access to some city email accounts from May 26 to July 28.

The city became aware of suspicious activity in its email environment on May 24 but did not explain the discrepancy between the dates listed in the notice. The city discovered on August 22 that some of the email accounts accessed had protected health information in them, but subsequently waited until October to notify residents.

“The City’s comprehensive, programmatic and manual review is ongoing, and the types of information impacted vary by individual. However, the types of information impacted could include: demographic information, such as name, address, date of birth, social security number, and other contact information; medical information, such as diagnosis and other treatment related information; and limited financial information, such as claims information,” they explained.

“Upon learning of this event, we immediately took steps further [sic] secure our systems and email environment. As part of our ongoing commitment to information security, we are also reviewing our existing policies and procedures, implementing additional administrative and technical safeguards to further secure information in our care, and providing additional training on how to safeguard information in our email environment.”

City officials reported the issue to other regulators as well as the U.S. Department of Health, which has not yet added the event to its public list of reported breaches.

The city said it is still working with a cybersecurity firm to investigate the incident. This is the latest breach involving the city after two incidents in 2020. One incident involved a breach of a contractor for the City’s Department of Behavioral Health and Intellectual Disability Services that leaked the sensitive information of more than 108,000 people.

The city notified another 49,000 residents of a phishing attack that gave hackers access to city email inboxes.

Both the Philadelphia Inquirer and the Philadelphia Orchestra dealt with cyberattacks earlier this year.

BriefsCybercrimeGovernment
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Grammarly says it corrected sign-in vulnerabilities after alert from cyber researchers

Next Post

Russian artists’ Spotify accounts defaced by pro-Ukraine hackers

Related Posts

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an advisory released Friday.
Avatar
Read More

Generative AI Security – Secure Your Business in a World Powered by LLMs

Did you know that 79% of organizations are already leveraging Generative AI technologies? Much like the internet defined the 90s and the cloud revolutionized the 2010s, we are now in the era of Large Language Models (LLMs) and Generative AI. The potential of Generative AI is immense, yet it brings significant challenges, especially in security integration. Despite their powerful capabilities,
Avatar
Read More