An employee of Los Angeles County Department of Health Services contractor Nemadji Research Corp. fell victim to a phishing attack in March that exposed 14,591 L.A. County patients' personal information, Los Angeles Times reports.
Patient information that was exposed includes names, addresses, dates of birth, medical record numbers and Medi-Cal identification numbers, according to the report. Additionally, the Social Security numbers of two patients were also revealed. L.A. County officials said it does not appear that any patient data was misused.
Nemadji Research helps L.A. County DHS identify and verify patients eligible for programs that can cover their care costs. The cyberattack occurred March 28 when a Nemadji Research employee opened an email, which permitted the hacker to access the company's data for hours, LA Times reports.
L.A. County DHS operates four hospitals and 19 health centers, according to the department's website.
Nemadji Research is providing free credit monitoring and identity protection services for any patients who may have been affected by the incident. The company also said it implemented enhanced employee email security training, according to a statement on its website.