14 DAY TRIAL // The Louisiana Department of Health and Hospitals (DHH) is notifying 56,000 emergency medical technicians and paramedics that their personal information was exposed after a hacker compromised an Internet-facing system.
The breach occurred on September 17, when an unauthorized individual obtained access to a publicly accessible website commonly referred by the DHH as "the Portal," which houses a database of licensed first responders.
The compromise was detected after the intruder posted a message reading "You have been hacked" inside the system, which prompted the administrators to immediately take the server offline.
The database contained personally identifiable information (PII) such as names and addresses in conjunction with Social Security numbers.
"What we don’t know is whether the hacker was able to access any information," DHH spokeswoman Lisa Faust told 2theadvocate.
"Since we don’t know one way or the other we sent notices out to 56,000 people that there’s a potential that the information was compromised," she explained.
The letters recommend that affected individuals visit the Federal Trade Commission's website, which contains information on how to place a fraud alert on one's credit report in order to prevent identity theft.
"An employer or a record-keeping agency, no matter who they are, needs to protect that type of information. I mean, you just can't have it out there. "Naturally, you never know what a hacker or a kid or someone playing around -- what their intentions are, and unfortunately, you don't find that out until the damage is done," Nick Felton, president of the New Orleans Firefighters Association, told WWL-TV.
"We encourage all of our members to, like you say, keep an eye on your credit cards. Keep an eye on all of that vital information. Just understand, you've had a breach," he stressed.
The DHH has launched an internal investigation into the matter. It has also notified the Attorney's General Office and the Computer Crimes Division of the East Baton Rouge Parish Sheriff's Office. Update November 2: Corrected an error in the article where it incorectly said that the server was taken online instead of offline.