A data leak from a Los Angeles County Department of Health contractor resulted in the theft of data from 14,591 patients.
Nemadji, which provides patient admissions and billing services for medical facilities, identified a breach that occurred on March 28, 2019 because an employee was the victim of a phishing attack.
As reported, “On June 5, 2019, we identified the first theft of personal information that may have been available as a result of this incident, and Nemadji began to provide notice on the outskirts to its business partners of the medical facility,” Nemadji said in a breach notice.
Addresses, admission dates, claim numbers, aid categories, dates of birth, Insurance Numbers, diagnosis codes, group names, group numbers, insurance information, medical records numbers, other appointment IDs, patient account numbers, Medicaid/Medicare identification numbers/all were at risk of theft.
While the data was encrypted, officials said, the email account included encryption keys that allowed information about the patient to be collected. As a result, Nemadji has set up a victim assistance line and offers access to free credit controls and personal protection services.