Oregon DHS reveals data breach of more than 350,000 clients' data

The agency said that the breach stemmed from a phishing scam that infected the emails of nine separate employees after they clicked a suspicious link.

Posted: Mar 21, 2019 2:44 PM
Updated: Mar 21, 2019 3:22 PM

SALEM, Ore. — Oregon's Department of Human Services (DHS) revealed on Thursday that the private data of more than 350,000 clients may have been accessed in a massive data breach that began earlier this year.

The agency said that the breach stemmed from a phishing scam that infected the emails of nine separate employees after they clicked a suspicious link. The link "compromised their email mailboxes," and allowed the scammers to access the employees' emails.

"Unfortunately, Protected Health Information under the Health Insurance Portability and Accountability Act (HIPAA) was compromised and potentially exposed," DHS said.

Officials have not yet been able to confirm that the personal information of any specific clients was taken during the breach, but the potential size of the breach — more than 350,000 — means that the agency is required to notify the public under Oregon law.

According to DHS, scammers may have had access to the first and last names, addresses, dates of birth, Social Security numbers, case numbers, and other information from thousands of clients.

"While there is no indication that any personal information was copied from its email system or used inappropriately, the department will be offering identity theft recovery services for impacted individuals," DHS said.

DHS discovered the breach on January 28, and believe that the phishing scam targeting DHS employees began on January 8.

The agency said that it has hired an outside company called IDExperts to look into the breach and find out exactly how many people may have been compromised — and what specific information may have been available on each client.

On Thursday afternoon, Oregon Republican lawmakers quickly released a statement panning DHS officials' handling of the breach.

“Transparency continues to be a systemic problem at DHS. Oregonians deserve better from government agencies and departments. Protection of personal information they are required to provide the state should be given the highest priority. Beyond that, we’re seeing a growing accountability issue when DHS fails to quickly inform the public about embarrassing matters,” said House Republican Leader Rep. Carl Wilson (R-Grants Pass).

Article Comments

Eugene
Clear
56° wxIcon
Hi: 82° Lo: 53°
Feels Like: 56°
Corvallis
Clear
59° wxIcon
Hi: 77° Lo: 51°
Feels Like: 59°
Roseburg
Few Clouds
62° wxIcon
Hi: 80° Lo: 54°
Feels Like: 62°
North Bend
Overcast
63° wxIcon
Hi: 67° Lo: 54°
Feels Like: 63°
KEZI Radar
KEZI Temperatures
KEZI Planner

LATEST FORECAST

Community Events