Nemadji, a contractor for the Los Angeles County Department of Health Services, fell victim to a phishing attack, exposing personal information of 14,600 patients.
The personal information of thousands of patients who have received medical care through Los Angeles County’s hospitals and clinics was exposed in a data breach, reported by the Los Angeles Times.
The Nemadji Research Corp., which contracts with the L.A. County Department of Health Services, fell victim to a phishing attack earlier this year that allowed outside access to medical information for 14,591 patients.
The data that was exposed includes patient names, addresses, dates of birth, medical record numbers and Medi-Cal identification numbers. Two patients’ Social Security numbers were also revealed, officials said.
The Department of Health Services oversees several clinics and hospitals, including County-USC Medical Center in Boyle Heights and Olive View-UCLA Medical Center in Sylmar. The agency is the second-largest health system in the nation, according to its website.
The agency contracts with Nemadji, which is based in Minnesota, for help verifying which patients are eligible for programs that could cover the cost of their care, such as checking for Medi-Cal eligibility.
On March 28, a Nemadji employee opened an email that allowed an outsider to access the company’s data for several hours. Though the data was encrypted, the email account included encryption keys that made it possible to gather patient information, according to a statement from Nemadji.
County officials said there was no evidence that its patients were the target of the attack or that any patient information had been misused.
However, Nemadji is offering access to free credit monitoring and identity protection services for anyone who may have been affected. The company said that it improved its email security systems and employee training after the attack.
Nemadji has set up an assistance line at (800) 491-4740 for anyone seeking more information about the incident. It will be staffed from 8 a.m. to 5:30 p.m. PST, Monday through Friday. More information can be found at the company’s website, nemadji.org.
Karlamangla, Soumya. (2019, July 9). Data breach exposes information of thousands of patients in L.A. County. Los Angeles Times.