Lake County Health Department reports data breach exposing residents' health data

The health department of Lake County reported a security breach in their email system, resulting in the exposure of personal health data and private information belonging to some residents of Lake County. Lake County were made aware of the breach on March 6. The incident involved an unauthorized third party gaining access to an email account belonging to an employee of the Lake County Health Department and Community Health Center. The compromised email account contained partially de-identified information related to Lake County residents who may have been affected by a reportable communicable disease or were part of a cluster or outbreak investigated by the health department between April 23, 2012, and March 6, 2023. Upon discovering the breach, Lake County officials secured the affected account and collaborated with Microsoft to investigate the unauthorized activity. To conduct a thorough analysis of the initial breach and subsequent unauthorized actions, the county engaged the services of a third-party vendor on March 9. Although no evidence of unauthorized data transfer from the email account was found, the health department acknowledges that the possibility cannot be completely ruled out. The information that may have been exposed includes names, addresses, zip codes, date of birth, gender, phone numbers, email addresses, medical record numbers, diagnoses or conditions, lab results, and other treatment information used by the Communicable Disease outreach program. Social Security numbers and financial information were not compromised.