BRUNO, Minn., July 26, 2019 /PRNewswire/ — Nemadji Research Corporation (“Nemadji”) provides patient eligibility and billing services to a number of healthcare facilities, including Northside Hospital, Inc., and is providing notice of a recent incident involving personal and health information.
What happened? Nemadji identified unusual activity in a single employee’s email account on March 28, 2019 due to the employee falling victim to a phishing email this same day. Upon detecting the unusual activity, Nemadji secured the employee’s email account within thirty minutes and immediately launched an investigation, with the assistance of a third-party computer forensics expert, to determine what may have happened and what information may have been affected. While Nemadji initially did not believe that the email account contained any health information, Nemadji undertook an extensive programmatic and manual review of the email account to identify what personal information was stored within the account and to whom that information related. On or about June 5, 2019, Nemadji confirmed the account contained personal information and began notifying our healthcare facility business partners.
What Information Was Involved? The personal information present in the email account at the time of the incident varied by individual but may have included first and last names and one or more of the following data elements: address, admission/discharge date, claim number, aid category, date of birth, Social Security number, diagnosis code, group name, group number, insurance information, medical record number, other encounter identifier, patient account number, Medicaid/Medicare/other identification number, and subscriber name.
What Is Nemadji Doing? Information privacy and security are among Nemadji’s highest priorities. Nemadji has strict security measures in place to protect information in our care. Upon discovering this incident, Nemadji quickly took steps to confirm the security of its systems, including employee email accounts. Nemadji reviewed existing security policies and implemented additional measures to further protect information, including enhanced email security and employee training. Nemadji also reported this incident to the Federal Bureau of Investigation and notified necessary state and federal regulators. In an abundance of caution, Nemadji is also notifying potentially impacted individuals so that they may take further steps to best protect their information, should they feel it is appropriate to do so. Although Nemadji is unaware of any actual or attempted misuse of information as a result of this incident, based on discussions with Northside Hospital, Inc., Nemadji is offering a one-year membership to a credit monitoring and identity protection service at no cost to impacted individuals.
What Can Impacted Individuals Do? Nemadji has established a dedicated assistance line for individuals seeking additional information regarding this incident. Individuals may call 1-800-491-4740, 8:00 a.m. to 5:30 p.m. PT, Monday through Friday with questions or if they would like additional information. Additional information can also be found on Nemadji’s website, https://nemadji.org. Potentially affected individuals may also consider the information and resources outlined below.
Nemadji encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud and to review account statements, credit reports, and explanation of benefits forms for suspicious activity. Under U.S. law, individuals with credit reports are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report. The credit reporting agencies may be contacted as follows:
PO Box 9554
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016
PO Box 105788
Atlanta, GA 30348-5788
You can further educate yourself regarding identity theft, fraud alerts, security freezes, and the steps you can take to protect yourself, by contacting the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General.
The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General. This notice has not been delayed by law enforcement.
SOURCE Nemadji Research Corporation