The health department has announced they experienced a security breach in their email system that exposed some Lake County residents’ personal health data and private information.
Lake County officials announced late last week they became aware of the breach on March 6.
It involved an unauthorized third-party gaining access to a Lake County Health Department and Community Health Center employee’s email account.
The impacted email account included partially de-identified information regarding Lake County residents who may have had a reportable communicable disease or disease that was part of a cluster or outbreak that was investigated by the health department between April 23, 2012, and March 6, 2023.
Lake County officials secured the account and investigated the unauthorized activity with Microsoft.
The county hired a third-party vendor on March 9 to perform a forensic analysis of the initial penetration and the unauthorized activities.
No evidence of unauthorized transfer of data contained in the email account was found but it cannot be ruled out, the health department said.
Information that may have been exposed includes names, addresses, zip codes, date of birth, gender, phone number, email address, medical record number, diagnoses or conditions, lab results and other treatment information used by the Communicable Disease outreach program.
Social Security numbers and financial information were not included.
“We want to assure those affected that we will continue to actively address cyber-security concerns, as we are dedicated to protecting your privacy and personal information,” the health department said in a statement.
“In this case, we have implemented additional safeguards and cyber security training to prevent similar occurrences in the future,” the department added.
Anyone with questions regarding the breach can call the Lake County Health Department Privacy Officer at 855-204-2684.