A phishing attack has been experienced by the Florida Agency for Persons with Disabilities (FAPD), which provides support services for people with disabilities such as autism, cerebral palsy, spina bifida, and Downs syndrome.
The phishing attack took place on April 10, 2018 and was restricted to a single email account; however, that account included the PHI of 1,951 customers or guardians.
While no proof was found to suggest any PHI was seen or copied by the attacker, PHI access could not be ruled out with 100% certainty. The compromised email account included information such as names, birth dates, addresses, telephone numbers, health information, and Social Security details.
All clients have now been alerted of the breach and have been offered free credit monitoring services for 12 months.
Three days after the attack occurred, FAPD adapted a security upgrade to stop unauthorized people from accessing its email system and further training on email security protocols was supplied.
This is not the first phishing attack to be experienced by the agency this year. In February, a more extensive phishing attack happened that resulted in multiple email accounts being accessed. That phishing attack impacted more than 55,000 customers, whose names, birth dates, and Social Security numbers were potentially accessed.
In October 2004, the Agency for Persons with Disabilities (APD) was established as an agency separate from the Department of Children and Families, specifically charged with serving the needs of Floridians with developmental disabilities. Before it was set up, it operated as the Developmental Disabilities Program. The agency is was set up under the auspices by Chapter 20, Chapter 393, and Chapter 916 of the Florida Statutes. The APD works with with local communities and private suppliers to help people who have developmental disabilities and their families. APD also gives help in identifying the needs of people with developmental disabilities for supports and facilities.
After the phishing attach in February, FAPD said it had adapted multi-factor authentication to stop unauthorized accessing of its email accounts and supplied additional training for staff members on email security measures.