Pierluigi Paganini October 23, 2023

The City of Philadelphia discloses a data breach that resulted from a cyber attack that took place on May 24 and that compromised City email accounts.

The City of Philadelphia announced it is investigating a data breach after attackers that threat actors broke some of City email accounts containing personal and protected health information.

The incident was discovered on May 24, but further investigation revealed that threat actors have had access to the compromised email accounts at least since March 2023.

“On May 24, 2023, the City initially became aware of suspicious activity in its email environment. We launched an investigation, with the assistance of third-party cybersecurity specialists, to determine the nature and scope of the event. The investigation is ongoing.” reads the notice of incident published by the City. “However, to date, the investigation determined that between May 26, 2023 and July 28, 2023, an unauthorized actor may have gained access to certain City email accounts and certain information contained therein. Also, on August 22, 2023, we became aware that the at-issue email accounts include email accounts that may contain protected health information.”

The City of Philadelphia announced that it is conducting a comprehensive, programmatic and manual review of the potentially impacted email accounts. Once the review is completed, the City will confirm the identities and contact information of potentially impacted individuals and will notify them.

Exposed information varies by individual and can include demographic information (i.e. name, address, date of birth, social security number, and other contact information), medical information (i.e. diagnosis and other treatment-related information), and limited financial information, such as claims information.

The City is also reviewing its existing policies and procedures, it is also implementing additional administrative and technical security measures. It also notifies relevant authorities and regulators, including the U.S. Department of Health and Human Service.

Potentially affected Individuals are recommended to remain vigilant against fraudulent activities such as identity theft and scam attempts.

Users can review account statements and credit reports, and report any suspicious activities.

The notice of the incident did not reveal technical details about the incident and why the City representatives waited months to publicly disclose the security breach.

In 2020, the City disclosed a significant email breach, that resulted from a successful phishing attack on an employee.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, City of Philadelphia)