Essentia Health is notifying more than 1,000 patients that their protected health information may have been at risk when a former vendor of Essentia Health’s fell victim to a phishing incident.
Essentia Health is not aware of any actual or attempted misuse of this information, but as a trusted health care provider said it is important that its patients are made aware of this disclosure so they can take steps to protect themselves.
Essentia Health previously worked with a third-party vendor, Nemadji Research Corporation (aka “Nemadji”), to assist with billing services. To ensure prompt and appropriate delivery of these services, Essentia Health provided Nemadji with information about some of its patients.
Respecting its contractual obligations to Essentia and the strict federal privacy requirements imposed on third party vendors, Nemadji recently notified Essentia Health that patient information may have been compromised during an email phishing incident.
Steps are being taken to thoroughly investigate the incident and ensure that the privacy of patient information is maintained.
Essentia said it values the trust of its patients.
“Please be assured that Essentia Health is taking this incident very seriously,” said Julene Brown, Essentia Health Chief Compliance Officer. “Patient privacy is crucially important to us and we apply significant time and resources to safeguard all patient-related information. We apologize for any inconvenience this may cause our patients.”
All patients affected are being offered free credit monitoring services.
While letters were mailed to all patients who were impacted by this incident, questions from patients and the community about this incident can be directed to 218-786-6404, Monday through Friday, 8:00 a.m.-4:30 p.m.
— Essentia Health press release