Los Angeles County Department of Health Services suffers data breach compromising patient records

  • The data breach occurred after Nemadji Research Corporation, a contractor of the L.A. County Department of Health Services fell victim to a phishing attack in March 2019.
  • The exposed data includes patient names, addresses, dates of birth, medical record numbers and Medi-Cal identification numbers.

Almost 14,591 patients who received medical care through Los Angeles County’s hospitals and clinics had their personal information compromised in a data breach.

What happened?

The data breach occurred after Nemadji Research Corporation, a contractor of the L.A. County Department of Health Services fell victim to a phishing attack in March 2019. Nemadji provides verification services to the L.A County DHS such as verifying which patients are eligible for Medi-Cal.

On March 28, 2019, a Nemadji employee opened a phishing email that allowed an unauthorized third-party to access the organization’s data for several hours. Though the data was encrypted, the employee’s email account included encryption keys.

What data was exposed?

  • The exposed data includes patient names, addresses, dates of birth, medical record numbers and Medi-Cal identification numbers.
  • Two patients’ also had their Social Security numbers exposed.
  • However, County officials confirmed that there is no evidence that the patients were the target of the attack or that any patient information had been misused.

What was the response?

  • Upon learning the incident, the agency reported the data breach to the FBI and the appropriate state and federal regulators.
  • Nemadji has improved its email security systems and is providing training to its employees on how to identify phishing emails.
  • The contractor is notifying the potentially impacted patients about the incident and is requesting them to monitor their account statements for any suspicious activity.
  • The contractor is also providing free credit monitoring and identity protection services to all the potentially impacted patients.

Original Post: https://cyware.com/news/los-angeles-county-department-of-health-services-suffers-data-breach-compromising-patient-records-0db8b77d

For more cybersecurity news and insights click this link: https://ascensiongt.com/cybersecurity-news-and-insights/

Related Posts

Leave a Reply

About Us

"AGT" offers complete end-to-end security protection through technology tools, cybersecurity strategy, consulting, and project management services. From addressing specific security gaps to a full environment cybersecurity strategy. With services designed to improve any organization’s overall organizational security posture, AGT develops strategies to implement and deploy successful cybersecurity solutions to protect companies from data and financial loss.