LOS ANGELES (CBSLA) — A phishing attack on a contractor to the Los Angeles County Department of Health Services exposed the personal information of nearly 14,600 patients.
Los Angeles County Department of Health officials say patients are in the process of being notified by the contractor, Nemadji Research Corporation, which identifies and verifies patient eligibility for programs that reimburse for care provided by the county.
The phishing attack happened at the end of March, giving a hacker access to the Nemadji employee’s account for several hours. Officials say there’s no indication that any patient data has been misused, but records from several Nemadji clients – including names, addresses, phone numbers and patient information – were exposed. The Social Security numbers of two patients were also identified.
Nemadji says it has since reviewed its security policies and taken steps to secure its systems, including employee email accounts. The attack has been reported to the FBI, along with state and federal regulators.