LA County hospital suffers data breach

LA County

Thousands of patients of hospitals and healthcare centres across LA County have had their private information exposed in a data breach, official reports say.

The Department of Health Services in LA County holds contracts with the Nemajdi Research Corp which suffered a phishing attack earlier in 2019. The attack saw the medical details of over 14,500 patients accessed by an unauthorised party for over several hours.

Data compromised by the attack included patients’ names, residential addresses, birth dates, healthcare numbers and Medi-Cal identification numbers. Two individuals had their social security numbers exposed.

County-USC Medical Centre in Boyle Heighs and Olive View-UCLA Medical Centre in Sylmar are among the clinics and hospitals in the administrative care of the Department of Health Services in LA County. The department claims to be the second-largest healthcare infrastructure in the States.

Among other functions, the department’s partnership with Minnesota-based Nemadji helps to identify patients that make the grade for programmes that could cover healthcare costs, including the viability of drawing on Medi-Cal assistance.

The data breach incident suffered at Nemadji dates back to 28th March 2019, when an employee opened an email that granted hackers access to the organisation’s database for a window of several hours.

Data was encrypted, however the targeted email account held encryption keys that enabled patient information to be gathered, Nemadji officials said in a statement.

LA County officials have said that no evidence exists to suggest that the hacked patient data has been misused in any way.

Nemadji is now reaching out to victims of the breach and has offered free credit monitoring services and identity protection services in compensation. The firm has also said that cyber security upgrades are taking place to bolster email security, and that staff training is also being held to promote more secure workplace practices.

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered.