Advertisement
California

Data breach exposes information of thousands of patients in L.A. County

la–me–0506–olive–view
Olive View-UCLA Medical Center in Sylmar is among the facilities overseen by the L.A. County Department of Health Services. A contractor for the agency was the victim of a phishing attack that led to data breach affecting thousands of patients.
(Liz O. Baylen / Los Angeles Times)

The personal information of thousands of patients who have received medical care through Los Angeles County’s hospitals and clinics was exposed in a data breach, officials said Tuesday.

The Nemadji Research Corp., which contracts with the L.A. County Department of Health Services, fell victim to a phishing attack earlier this year that allowed outside access to medical information for 14,591 patients.

The data that was exposed includes patient names, addresses, dates of birth, medical record numbers and Medi-Cal identification numbers. Two patients’ Social Security numbers were also revealed, officials said.

The Department of Health Services oversees several clinics and hospitals, including County-USC Medical Center in Boyle Heights and Olive View-UCLA Medical Center in Sylmar. The agency is the second-largest health system in the nation, according to its website.

Advertisement

The agency contracts with Nemadji, which is based in Minnesota, for help verifying which patients are eligible for programs that could cover the cost of their care, such as checking for Medi-Cal eligiblity.

On March 28, a Nemadji employee opened an email that allowed an outsider to access the company’s data for several hours. Though the data was encrypted, the email account included encryption keys that made it possible to gather patient information, according to a statement from Nemadji.

County officials said there was no evidence that its patients were the target of the attack or that any patient information had been misused.

However, Nemadji is offering access to free credit monitoring and identity protection services for anyone who may have been affected. The company said that it improved its email security systems and employee training after the attack.

Advertisement

Nemadji has set up an assistance line at (800) 491-4740 for anyone seeking more information about the incident. It will be staffed from 8 a.m. to 5:30 p.m. PST, Monday through Friday. More information can be found at the company’s website, nemadji.org.

The Department of Health Services maintains a searchable list of its facilities online.

soumya.karlamangla@latimes.com

Twitter: @skarlamangla


Advertisement