Lake County, Ill. — On March 6, 2023, Lake County, Illinois (Lake County) became aware of a security breach in which an unauthorized third-party (Threat Actor) gained access to one Lake County Health Department and Community Health Center (LCHD/CHC) employee’s email account.
The impacted user account included partially de-identified information regarding Lake County residents who may have had a reportable communicable disease or disease that was part of a cluster or outbreak that was investigated by the health department between April 23, 2012, and March 6, 2023.
Lake County promptly secured this account and investigated the unauthorized activity with Microsoft. On March 9, 2023, Lake County engaged a third-party vendor to perform a forensic analysis of the initial penetration and the unauthorized activities of the Threat Actor.
No evidence of unauthorized transfer of data contained in the email account was found; however, it cannot be ruled out.
Information that may have been involved included names, addresses, zip codes, date of birth, gender, phone number, email address, medical record number, diagnosis/conditions, lab results, and other treatment information used by the Communicable Disease outreach program. Social Security numbers and financial information were not included.
We want to assure those affected that we will continue to actively address cyber-security concerns, as we are dedicated to protecting your privacy and personal information. In this case, we have implemented additional safeguards and cyber security training to prevent similar occurrences in the future.
Anyone with questions regarding this breach may call the Lake County Health Department Privacy Officer toll-free at (855) 204-2684.
###
|