BRUNO, Minn., July 9, 2019 /PRNewswire/ -- Nemadji Research Corporation (d/b/a California Reimbursement Enterprises) ("Nemadji") provides patient eligibility and billing services to a number of hospitals and healthcare facilities, including the Los Angeles County Department of Health Services (DHS), as a business associate. Nemadji is providing notice of a recent breach involving personal information in compliance with the Health Insurance Portability and Accountability Act (HIPAA). To date, Nemadji has not received any reports that personal information has been misused as a result of this incident.
What happened? On March 28, 2019, Nemadji identified unusual activity in an employee's email account. Nemadji immediately launched an investigation, with the assistance of a third-party computer forensics expert, to determine what may have happened and what information may have been affected. The investigation determined that an unknown individual had access to the employee's email account for several hours on March 28, 2019 due to the employee falling victim to a phishing email. A phishing email is an attempt to collect sensitive information by appearing to come from a reliable source. Nemadji's employees use email accounts to communicate about and perform services for DHS. Nemadji immediately launched an investigation, with the assistance of a third-party computer forensics expert, to determine what may have happened and what information may have been affected.
On June 5, 2019, Nemadji identified the first instance of personal information that may have been accessible as a result of this incident, and Nemadji began providing notice of the incident to its healthcare facility business partners. On June 26, 2019, Nemadji confirmed to DHS that the phishing attack may have impacted 14,591 DHS patients. The investigation did not reveal evidence suggesting personal information relating to DHS patients was specifically targeted by the phishing event.
What Information Was Involved? The personal information for DHS patients present in the email account at the time of the incident varied by individual but may have included first and last names and one or more of the following data elements: address, date of birth, phone number, patient account number, medical record number, admission and discharge dates, Medi-Cal identification number, month and year of service. The Social Security Number of two patients and diagnostic codes of four patients were also identified.
What Is Nemadji Doing? Nemadji is notifying individuals potentially impacted by the breach via first class mail beginning July 8, 2019. The notifications will include detailed information on the recommended steps individuals may take to protect their information. Although Nemadji is unaware of any actual or attempted misuse of information as a result of this incident, Nemadji is offering potentially impacted individuals access to free credit monitoring and identity protection services.
Information privacy and security are among Nemadji's highest priorities. Nemadji has strict security measures in place to protect information in our care. Upon discovering this incident, Nemadji quickly took steps to confirm the security of its systems, including employee email accounts. Nemadji reviewed existing security policies and implemented additional measures to further protect information, including enhanced email security and employee training. Nemadji also reported this incident to the Federal Bureau of Investigation and notified necessary state and federal regulators.
What Can Impacted Individuals Do? Nemadji has established a dedicated assistance line for individuals seeking additional information regarding this incident. Individuals may call 1-800-491-4740 from 8:00 a.m. to 5:30 p.m. PT, Monday through Friday with questions or if they would like additional information. Additional information can also be found on Nemadji's website, https://nemadji.org. Potentially affected individuals may also consider the information and resources outlined below.
Nemadji encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud and to review account statements, credit reports, and explanation of benefits forms for suspicious activity. Under U.S. law, individuals with credit reports are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report. The credit reporting agencies may be contacted as follows:
PO Box 9554
P.O. Box 2000
PO Box 105788
Allen, TX 75013
Chester, PA 19016
Atlanta, GA 30348-5788
You can further educate yourself regarding identity theft, fraud alerts, security freezes, and the steps you can take to protect yourself, by contacting the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General.
The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General. This notice has not been delayed by law enforcement.
SOURCE Nemadji Research Corporation