Los Angeles County DHS impacted by data breach

Around 14,600 patients who have received medical care from Los Angeles County's clinics and hospitals had their personal data compromised due to a data breach.

This data breach occurred when Nemadji Research Corporation, contractor of the Los Angeles County Department of Health Services (DHS), became victim of phishing attack in Mar. 2019. Nemadji Research Corporation, who is doing business as the California Reimbursement Enterprises, provides billing services and verifies patient eligibility for several healthcare organizations as well as hospitals all over the state. L.A. County DHS also receives services from this company.

On Mar. 28, 2019, IT staff of the California Reimbursement Enterprises has detected unusual activity in email account of one employee. Officials of the company said that they hired an outside computer forensics team in order to help with the investigation. The officials found that one of the employees became victim of phishing email on that same day of Mar. 28 when unusual activity has been discovered.

Further investigation determined that a hacker was having access to the compromised employee email account for some hours, after which the access has been terminated. As a hacker was having access, so all emails in compromised email account were checked.

On Jun. 5, 2019, Nemadji Research Corporation confirmed that their clients' patient information was exposed and notifications have been issued to the affected business partners. A few of the emails in compromised email account contain some individuals' PHI. Nemadji Research Corporation notified L.A. County DHS regarding the breach on Jun. 26, 2019, and also confirmed that 14,591 patients of L.A. County DHS were affected.

The exposed data contains patient names, dates of birth, addresses, patient account numbers, telephone number, medical record numbers, Medi-Cal identification numbers, dates of service, admission date(s), and discharge date(s). In addition, Social Security number of two patients and diagnostic codes of four patients also got exposed.

Upon learning about the incident, the company has reported this data breach to FBI as well as to the appropriate federal and state regulators.

Since this data breach occurred, Nemadji Research Corporation has bolstered their cybersecurity, including enhancing the email security systems as well as providing employees additional training on ways to identify the phishing emails. All the impacted patients were offered complimentary identity theft protection and credit monitoring services, as well as were sent the breach notifications on Jul. 8, 2019.

» SPAMfighter News - 8/5/2019