A data breach at a Los Angeles County Department of Health Services contractor resulted in the compromise of data from 14,591 patients.
Nemadji, a company that provides patient eligibility and billing services for healthcare facilities, identified a data breach that took place on March 28, 2019 due to an employee falling victim to a phishing attack.
“On June 5, 2019, we identified the first instance of personal information that may have been accessible as a result of this incident, and Nemadji began providing notice of the incident to its healthcare facility business partners,” Nemadji said in its breach notification.
Addresses, admission/discharge dates, claim numbers, aid categories, dates of birth, Social Security numbers, diagnosis codes, group names, group numbers, insurance information, medical record numbers, other encounter identifiers, patient account numbers, Medicaid/Medicare/other identification numbers, and subscriber names were all compromised in the incident.
While the data was encrypted, officials said the the email account included encryption keys that made it possible to gather patient information. As a result, Nemadji has set up an assistance line for those affected and is offering access to free credit monitoring and identity protection services.