BreachExchange mailing list archives
Data breach hits Essentia Health
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 12 Jul 2019 08:57:09 -0500
https://www.duluthnewstribune.com/business/healthcare/3831695-Data-breach-hits-Essentia-Health More than 1,000 Essentia Health patients may be among those victimized in a large-scale data breach, the health system announced Wednesday. Nemadji Research Corp., a health data management business based in Bruno, Minn., fell victim to a phishing attack earlier this year that allowed outside access to medical information to 14,591 patients, the Los Angeles Times reported on Tuesday. In a news release, Essentia Health said it has notified its patients whose information may have been compromised. Essentia formerly contracted with Nemadji to assist with billing services, according to the news release, but no longer does so. “Essentia Health is not aware of any actual or attempted misuse of this information, but as a trusted health care provider, it is important to us that our patients are made aware of this disclosure so they can take steps to protect themselves,” the news release stated. In the event of a breach, health care providers are required under HIPAA to notify affected individuals, the U.S. Department of Health & Human Services; and, in some cases, the news media. All of the affected patients are being offered free credit-monitoring services, the news release added. Essentia Health had provided Nemadji with information about some of its patients to “ensure prompt and appropriate delivery of these services,” it stated. In a statement on its website, Nemadji said it identified “unusual activity” in an employee’s email account on March 28 and turned to a computer forensics expert to investigate. The investigator found that someone had access to the employee’s email account for several hours on that date after the employee fell victim to a phishing email. On June 5, the company identified the first instance in which personal information “may have been accessible,” and began notifying its clients, the website announcement stated. The data breach goes far beyond Essentia. The Los Angeles Times reported, for example, that thousands of patients of Los Angeles County’s hospitals and clinics may have been affected. Exposed data in Los Angeles County included patient names, addresses, dates of birth, medical record numbers and Medicaid identification numbers, the Times reported. In two cases, patients’ Social Security numbers were revealed. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Data breach hits Essentia Health Destry Winant (Jul 12)