Oregon DHS reveals data breach of more than 350,000 clients' data

The agency said that the breach stemmed from a phishing scam that infected the emails of nine separate employees after they clicked a suspicious link.

Posted: Mar 21, 2019 2:44 PM
Updated: Mar 21, 2019 3:22 PM

SALEM, Ore. — Oregon's Department of Human Services (DHS) revealed on Thursday that the private data of more than 350,000 clients may have been accessed in a massive data breach that began earlier this year.

The agency said that the breach stemmed from a phishing scam that infected the emails of nine separate employees after they clicked a suspicious link. The link "compromised their email mailboxes," and allowed the scammers to access the employees' emails.

"Unfortunately, Protected Health Information under the Health Insurance Portability and Accountability Act (HIPAA) was compromised and potentially exposed," DHS said.

Officials have not yet been able to confirm that the personal information of any specific clients was taken during the breach, but the potential size of the breach — more than 350,000 — means that the agency is required to notify the public under Oregon law.

According to DHS, scammers may have had access to the first and last names, addresses, dates of birth, Social Security numbers, case numbers, and other information from thousands of clients.

"While there is no indication that any personal information was copied from its email system or used inappropriately, the department will be offering identity theft recovery services for impacted individuals," DHS said.

DHS discovered the breach on January 28, and believe that the phishing scam targeting DHS employees began on January 8.

The agency said that it has hired an outside company called IDExperts to look into the breach and find out exactly how many people may have been compromised — and what specific information may have been available on each client.

On Thursday afternoon, Oregon Republican lawmakers quickly released a statement panning DHS officials' handling of the breach.

“Transparency continues to be a systemic problem at DHS. Oregonians deserve better from government agencies and departments. Protection of personal information they are required to provide the state should be given the highest priority. Beyond that, we’re seeing a growing accountability issue when DHS fails to quickly inform the public about embarrassing matters,” said House Republican Leader Rep. Carl Wilson (R-Grants Pass).

Oregon Coronavirus Cases

Data is updated nightly.

Confirmed Cases: 32581

Reported Deaths: 542
CountyConfirmedDeaths
Multnomah7113137
Marion465894
Washington449760
Umatilla296241
Clackamas239861
Malheur161723
Lane118517
Jackson11395
Deschutes82512
Yamhill75713
Jefferson5298
Polk52915
Linn51913
Morrow4986
Lincoln48113
Union4462
Benton3106
Wasco2893
Klamath2802
Hood River2510
Douglas2274
Clatsop2040
Josephine1982
Columbia1651
Coos1560
Baker942
Crook621
Tillamook520
Lake320
Curry310
Wallowa301
Sherman180
Harney120
Grant90
Gilliam80
Unassigned00
Wheeler00
Eugene
Clear
60° wxIcon
Hi: 72° Lo: 47°
Feels Like: 60°
Corvallis
Clear
60° wxIcon
Hi: 74° Lo: 49°
Feels Like: 60°
Roseburg
Clear
65° wxIcon
Hi: 76° Lo: 50°
Feels Like: 65°
North Bend
Clear
60° wxIcon
Hi: 75° Lo: 57°
Feels Like: 60°
KEZI Radar
KEZI Temperatures
KEZI Planner

LATEST FORECAST

Community Events