Updated July 17th, 2019
A data breach at a Los Angeles County Department of Health Services
contractor resulted in the compromise of data from 14,591 patients.
Nemadji, a company that provides patient eligibility and billing
services for healthcare facilities, identified a data breach that took
place on March 28, 2019 due to an employee falling victim to a phishing
attack.
“On June 5, 2019, we identified the first instance of personal
information that may have been accessible as a result of this incident,
and Nemadji began providing notice of the incident to its healthcare
facility business partners,” Nemadji said in its breach notification.
Addresses, admission/discharge dates, claim numbers, aid categories,
dates of birth, Social Security numbers, diagnosis codes, group names,
group numbers, insurance information, medical record numbers, other
encounter identifiers, patient account numbers, Medicaid/Medicare/other
identification numbers, and subscriber names were all compromised in the
incident.
While the data was encrypted, officials said the the email account included encryption keys that made it possible to gather patient information. As a result, Nemadji has set up an assistance line for those affected and is offering access to free credit monitoring and identity protection services.