Oregon DHS notifies public of data breach
SALEM, Ore. (KTVZ) – The Oregon Department of Human Services announced Friday that it uncovered a "phishing" incident on March 6 that affected one staff member’s e-mail.
"The Department of Human Services takes the privacy and confidentiality of employee and client information seriously," the agency said. "Established information technology security processes enabled the agency to detect and contain the incident quickly and stop the unauthorized access."
What happened?
A spear phishing email was sent to a DHS employee. The employee opened the  phishing email and exposed their credentials to an outside entity. The agency cannot confirm that any client or employee’s personal information was copied or used inappropriately.
What DHS is doing about it:
- DHS is in the process of thoroughly reviewing the incident and the information involved. DHS plans to contract with an outside entity to clarify the number and identities of any individuals whose information was compromised, and the specific kinds of information involved.
- While there is no indication that any protected health information was copied or used inappropriately, DHS will notify any individuals whose information was compromised.
- DHS will provide identity theft protection services to potentially impacted employees and clients.
The security and confidentiality of private health information is critical to the Department of Human Services. While the department cannot confirm that any clients’ personal information was acquired from its email system or used inappropriately, it is notifying the public because information was accessible to an unauthorized person or persons.
DHS will provide updates as more information is known.