1,790 Patients Impacted by Phishing Attack on Los Angeles Drug and Alcohol Treatment Center

by | Sep 3, 2018

Authentic Recovery Center, a West Los Angeles-based drug and alcohol treatment center, is contacting 1,790 clients to inform them that some of their personally identifiable information (PII) and protected health information (PHI) may have been stolen by an unauthorized individual due to a phishing attack.

The phishing attack was identified on June 21, 2018 leading to a full investigation. This revealed that the breach was restricted to a single email account. All other email accounts and systems were unaffected.

Access was first obtained to the email account in question on June 7, 2018 and went on until the breach was finally noticed on June 21 and the account was locked down.

An email-by-email review of the compromised account showed that it contained the PII and PHI of clients and staff members. Employee information accessible via the account was restricted to name and driver’s license number, apart from that of two people who also had their address, contact telephone number, date of birth, and Social Security number stolen.

Clients affected by the incident had their name stolen along with the fact that they were clients of Authentic Recovery Center and a small amount of clinical data. Only one person had payment card information obtained.

While the account was exposed, no proof has been uncovered to indicate any information was obtained or misused by the hacker.

For most of the individuals affected by the breach, the danger of identity theft and fraud is minimal due to the range of information that were accessible. As a precautionary measure, all those affected by the breach have been provided with free credit monitoring services for one year. It was also recommended that affected people check their credit reports for any proof of fraudulent activity.

The breach has lead to the Authentic Recover Center adapting additional controls to safeguard its email accounts and staff members have been supplied with more training about how they can safeguard data systems.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy