Los Angeles Department of Mental Health hacked

The Los Angeles Department of Mental Health has fallen victim to a multi-factor authentication attack, otherwise known as push notification spam.

The City of Gardena Police Department (GPD) was initially hit by a cyberattack in which threat actors accessed an employee’s GPD Microsoft Office 365 account via a multi-factor authentication attack or push notification attack on January 22nd, 2024.

The email exchanges between the GPD and the Department of Mental Health (DMH) allowed the threat actor(s) to contact a DMH employee via email and access that employee’s Microsoft Office 365 account.

Malicious actors employ push notification attacks (push fatigue attacks or MFA-prompt bombing) to bypass multi-factor authentication and breach accounts. The attackers often already possess valid usernames and passwords as they spam the victim with notifications to authenticate until the target tires and finally accepts it.

The personal information involved includes:

  • Names
  • Dates of birth
  • Social Security numbers
  • Addresses
  • Telephone numbers
  • Medical record numbers

Despite the vast amount of personal information involved, the DMH claims that there’s no evidence the information has been exploited.

Once the DMH became aware of the attack, the organization claimed to disable the affected accounts promptly while resetting “the Microsoft Office 365 and multi-factor authentication credentials,” the breach notification reads.

The investigation into the breach concluded on March 19th, 2024, once forensic specialists and law enforcement had been informed.

The DMH urges impacted individuals “to review your financial and account statements and immediately report all suspicious activity to the institution that issued the record.”

More from Cybernews:

US, UK officials say China cyberespionage campaign hit millions

Florida kids 13 and under banned from social media under new bill

US gov nails fintech firms for helping Russia fund Ukraine war

Apple picks Baidu for AI features in China - report

US Army sees “promising signals” after testing Ghost-X and other advanced drones

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked