The city of Philadelphia has released a notice about a cyber incident that occurred in May and July involving personal health information.
On May 24, 2023, city officials initially became aware of suspicious activity in its email and launched an investigation, with the assistance of third-party cybersecurity specialists, to determine the nature and scope of the event. The investigation is ongoing.
However, to date, the investigation determined that between May 26, 2023 and July 28, 2023, an unauthorized actor may have gained access to certain email accounts and information. On August 22, 2023, the city became aware that the breach included email accounts that may contain protected health information.
The city did not report the number of emails or individuals affected.
The information affected varies by individual but may include name, address, date of birth, social security number, and other contact information; medical information, such as diagnosis and other treatment related information; and limited financial information, such as claims information.
The city says it will work to confirm the identities and contact information for potentially impacted individuals and provide notice through a written letter.
The city said it is also reviewing its existing policies and procedures and implementing additional safeguards to further secure information. It has also reported the event to the U.S. Department of Health and Human Services.
Citizens are urged to report any suspicious activity to their insurance company, health care provider, or financial institution.
Topics Cyber