Nemadji provides patient eligibility and billing services to healthcare facilities. On March 28, 2019, a Nemadji employee fell victim to a phishing email scam. Nemadji became aware of the phishing event the same day and immediately launched an investigation to determine the nature and scope of the event. Nemadji began working with a third-party computer forensics expert and also provided notice of the event to the FBI. The investigation confirmed that an unauthorized individual had access to the one Nemadji employee’s email account. The comprehensive review of the email account revealed that it contained personal information at the time of the event. Nemadji began notifying relevant business partners to ensure they were aware of the event. To date, Nemadji is unaware of any actual or attempted misuse of information as a result of this event. However, Nemadji is providing notice out of an abundance of caution. What is an email phishing scam/event?
What is an email phishing scam/event?
A phishing email is one that attempts to trick the recipient into believing the email was sent from a reliable source but can compromise the recipient’s email account.
Am I affected?
Nemadji worked with relevant business partners to provide written notice of this incident to individuals whose personal information was present within the affected email account. If you did not receive a letter but would like to know whether you are potentially affected, please contact our call center at 1-800-491-4740, 8:00 a.m. to 5:30 p.m. PT, Monday through Friday.
What information was potentially accessed?
Personal information contained in the email account varied by individual. If you believe you are affected by this incident and would like to confirm precise information that was contained in the account at the time of the incident, you may call our call center at 1-800-491-4740, 8:00 a.m. to 5:30 p.m. PT, Monday through Friday.
Is Nemadji offering any type of monitoring services to affected individuals?
Nemadji is offering impacted individuals access to free credit monitoring and identity protection services through Kroll.
What should I do in response to this incident?
While, to date, there is no evidence of any misuse of your personal information as a result of this event, Nemadji recommends that you remain vigilant and continue to monitor your statements for unusual activity or any charges you did not make. If you see anything suspicious and suspect fraudulent activity, you should call the financial institution that issued the credit or debit card immediately.
If I think I may be a victim of fraud, what should I do?
If you believe you are a victim of attempted or actual identity theft or fraud, Nemadji encourages you to take the following steps:
- Contact appropriate financial institutions to protect or close any accounts that have been tampered with or opened fraudulently.
- Contact the credit reporting agencies to place a “fraud alert” or “security freeze” on your credit reports.
- File a police report and ask for a copy for your records.
- File a complaint with the Federal Trade Commission.
- File a complaint with your state Attorney General.
- Keep good records.
- Keep notes of anyone you talk to regarding this incident, what he/she told you, and the date of the conversation;
- Keep originals of all correspondence and forms relating to the suspicious or fraudulent activity, identity theft, or fraud; and,
- Retain originals of supporting documentation, such as police reports and letters to and from creditors. When requested to produce supporting documentation, send copies.
- Keep old files, even if you believe the problem is resolved.
What is the purpose of a “fraud alert”?
An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file at no cost to the consumer. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years.
What is the purpose of a “security freeze”?
A security freeze will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report.
If I see fraudulent charges on my credit card, what should I do?
We encourage you to immediately contact the issuing financial institution for instructions on how to dispute charges and having a new account issued. Incidents of identity theft and fraud should be reported to law enforcement, your state Attorney General, and the Federal Trade Commission.
Why does Nemadji have my information?
Nemadji provides patient eligibility and billing services for its medical provider clients. Therefore, you or a family member may have received services at a healthcare facility for whom Nemadji provides these services.
Posted Jul 8, 2019