June 1, 2020
The Department of Behavioral Health and Intellectual disAbility Services (“DBHIDS”) is posting this notice to alert individuals that their personal health information may have been compromised as a result of a cybersecurity attack. This incident impacts individuals served by the Division of Intellectual disAbility Services (“IDS”), which coordinates and administers home and community habilitation, adaptive equipment, behavior and other therapies, early intervention, and residential, respite, employment, and day services for individuals with intellectual disabilities in Philadelphia.
On March 31, 2020, DBHIDS learned that an IDS employee’s email account had been compromised as a result of a phishing attack. The Office of Innovation and Technology’s Information Security Group (“OIT”) immediately secured the account and began an investigation. On April 2, OIT learned that an additional email account within IDS was also compromised. OIT is currently investigating additional DBHIDS employee accounts that may have also been compromised and will update this notice as more information is available. This attack is believed to be connected to a series of malicious attacks targeting health care and social services agencies during the COVID-19 global pandemic.