In a news release, county officials said five employees gave out their official login information through an external website after receiving emails sent by unknown scammers on June 22, 2021.
During an audit of email mailboxes on Nov. 17, the county discovered that 2,096 records containing protected health information and 816 records of personal identification information were exposed after the phishing scam.
Those whose information was exposed by the scam were notified by mail Friday. These victims were offered a year of free credit monitoring, credit resolution and identity restoration services.
Since the data breach, the county has changed passwords and strengthened password requirements, updated its security management plan, retrained workers and implemented two-factor authentication.
The phishing scam was reported to the Sacramento County Sheriff's Office, the U.S. Department of Homeland Security, the U.S. Department of Health and Human Services and the California Department of Health Care Services.
© 2022 The Sacramento Bee (Sacramento, Calif.). Distributed by Tribune Content Agency, LLC.