Thousands of L.A. County patient records exposed in data breach

LOS ANGELES – Nearly 14,600 patient records were exposed months ago in a “phishing attack” against a contractor working with the Los Angeles County Department of Health Services, county officials announced Tuesday.

There is no evidence that DHS patient information was the specific target of the phishing email, which was sent to an employee of Nemadji Research Corp., according to DHS officials.

Authorities say they haven’t yet seen any indication that patient data has been misused. However, the hacker had access to the employee’s email account for several hours on March 28 and records from several clients of the research firm were exposed during that time, according to DHS.

Data at risk may have included personal information such as first and last names, home address, date of birth, phone number and various data related to medical services provided. The Social Security numbers of two patients were also identified, according to DHS.

Nemadji began alerting the 14,591 affected individuals on Monday by mail, with recommendations on steps to protect against damaging use of the information. Those suggestions include vigilant monitoring against identity theft and fraud by actively reviewing financial accounts and monitoring credit reports.

The company is offering access to free credit monitoring and identity protection services. Individuals are also entitled under federal law to one free credit report annually from each of three major credit reporting bureaus. Reports can be ordered at www.annualcreditreport.com or by calling 877-322- 8228.

The company also reported the breach to the FBI and relevant state and federal regulators and said it has taken steps to enhance email security and employee training, according to a DHS statement.

Nemadji’s work for the county includes identifying and verifying patient eligibility for programs that reimburse the county for care provided.

A dedicated assistance line at 800-491-4740 will be staffed from 8 a.m. to 5:30 p.m. on weekdays. More details can also be found at www.nemadji.org.

Supervisor Janice Hahn said DHS trains its employees to notice and report phishing schemes, but contractors don’t necessarily offer the same training. She called for a report in 30 days on recommendations to improve internal security and privacy in health facilities operated by the county and its contract partners.

“DHS has recently undergone a risk assessment of its internal security and privacy and there are areas that need strengthening,” Hahn said in a motion that was approved by the Board of Supervisors.

–

2 comments for "Thousands of L.A. County patient records exposed in data breach"

Computer Security Expert says
July 9, 2019 at 11:38 pm
“…but contractors don’t necessarily offer the same training.”
There was probably little or no training.
windows 10 startup folder says
July 9, 2019 at 10:58 pm
Data breaching is one of the common issues in every industry especially in the IT sectors where the lots of confidential data can breach.

Joe Gastelum on 2021 AV Fair back on, 82nd annual event set for October: “This is the Best News We have Heard in a long Time, Thanking All the Antelope Valley People who are…” Jul 24, 13:37
Sonya on Maxine Waters asks for federal probe of alleged LASD gang: “Pathetic! In Scottish accent.” Jul 24, 12:17
Trumpist#1 on Judge poised to order Katie Hill to pay more attorneys’ fees: “And I forgot Anthony Weiner, lol.” Jul 24, 09:19
Warren on Widow of Lancaster sheriff’s sergeant urge support for recall of district attorney: “Yeah I would love to hear you say that after a convicted felon was released from prison because of bad…” Jul 24, 08:43
Stinger on Daily COVID cases In LA County top 3,000 for first time since February: “I concur.” Jul 24, 08:27