Almost 14,591 patients who received medical care through Los Angeles County’s hospitals and clinics had their personal information compromised in a data breach.
The data breach occurred after Nemadji Research Corporation, a contractor of the L.A. County Department of Health Services fell victim to a phishing attack in March 2019. Nemadji provides verification services to the L.A County DHS such as verifying which patients are eligible for Medi-Cal.
On March 28, 2019, a Nemadji employee opened a phishing email that allowed an unauthorized third-party to access the organization’s data for several hours. Though the data was encrypted, the employee’s email account included encryption keys.
What data was exposed?
What was the response?