25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

1,790 Patients Impacted by Phishing Attack on Los Angeles Drug and Alcohol Treatment Center

Posted By on Aug 29, 2018

The West Los Angeles-based drug and alcohol treatment center, Authentic Recovery Center, is alerting 1,790 individuals that some of their personally identifiable information (PII) and protected health information (PHI) has potentially been obtained by an unauthorized individual as a result of a phishing attack.

The phishing attack was discovered on June 21, 2018 prompting a full investigation. The investigation confirmed that the breach was limited to a single email account. All other email accounts and systems remained secure at all times.

Access was first gained the email account on June 7, 2018 and continued until the breach was detected on June 21 and the account was secured.

An email-by-email analysis of the compromised account revealed it contained the PII and PHI of clients and employees. Employee information accessible through the account was limited to name and driver’s license number, with the exception of two individuals who also had their address, contact telephone number, date of birth, and Social Security number exposed.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Clients impacted by the incident had their name exposed, the fact that they were clients of Authentic Recovery Center, and a limited amount of clinical information. Only one individual had payment card information exposed.

While the account was accessed, no evidence has been uncovered to suggest any information was obtained or misused by the attacker.

For the majority of individuals impacted by the breach, the risk of identity theft and fraud is low due to the types of information that were exposed. Out of an abundance of caution, all individuals affected by the breach have been offered complimentary credit monitoring services for 12 months. It was also recommended that impacted individuals check their credit reports for any sign of fraudulent activity.

The breach has prompted Authentic Recover Center to implement further controls to secure its email accounts and employees have been provided with further training about how they can secure information systems.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist