Nemadji Research Corporation data breach exposed PHI

Essentia Health, the integrated health system that is serving Wisconsin, North Dakota, Idaho, and Minnesota, has been sending notifications to over 1,000 patients informing them that some of their PHI (Protected Health Information) got exposed. Like many other healthcare providers, the Essentia Health also works with third-party vendor who provides the billing services, so as to help in recovering the lost revenue. Nemadji Research Corporation, a Bruno, Minnesota-based billing services company, is the third-party vendor who provided those services to Essentia Health.

Patient data of Essentia Health was possibly breached during the phishing attack on their third-party vendor Nemadji Research Corporation (also known as California Reimbursement Enterprises).

Nemadji Research Corporation officials said that one of their employees became victim of a phishing attack on Mar. 28, 2019. With assistance of a third-party forensics firm, Nemadji Research Corporation found that a hacker was having access to the compromised email account for some hours before this attack was discovered. So, this gave the hacker access to personal information of several clients.

Essentia Health has not revealed exactly what kinds of information have been exposed in their substitute breach notice that was posted on the website. Nemadji Research Corporation was provided by the Essentia Health certain kinds of PHI, which allows Nemadji to perform their contracted services. The breached data possibly included the information shared with the Nemadji Research Corporation related to those services.

Essentia Health notification also did not specify whether the breached data is different from that of Los Angeles County Department of Health Services, which included the patient demographic details, patient account numbers, medical record numbers, dates of services, dates of birth, admission dates and discharge dates.

The officials of Essentia Health said that they are investigating this incident to "ensure that the privacy of patient information is maintained". All affected patients will be provided a year of complementary credit monitoring services.

Moreover, anybody having questions about this data breach incident can contact Essentia Health at 218-786-6404 from Monday to Friday (between 8am to 4:30pm).

Julene Brown, Chief Compliance Officer of Essentia Health, said in a statement "please be assured that Essentia Health is taking this incident very seriously. Patient privacy is crucially important to us and we apply significant time and resources to safeguard all patient-related information".

» SPAMfighter News - 8/5/2019